Phishing Alert: Library Account Expiration Scam Mimics Pitt Passport Login Page

Friday, July 7, 2017 - 09:37

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims your library account has expired and must be reactivated immediately or it will be closed. The email contains a link to reactivate your account. The link actually takes visitors to a harmful web page that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a Gmail email address that begins with pitlibrary1.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.


Subject: Library Account

Dear User, 

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!
To reactivate your account, simply visit the following page and login with your library account.

Login Page:


University of Pittsburgh
4200 Fifth Avenue
Pittsburgh, PA 15260


The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcemen

New Vulnerability Affects WordPress Plugin WP Statistics

Monday, July 3, 2017 - 15:45

A newly discovered vulnerability in a popular WordPress plugin could allow an attacker to take control of an affected website. WordPress is open-source content management software that is used to manage and publish websites. A SQL Injection vulnerability exists in the WP Statistics plugin, which WordPress site administrators can use to view information about the number of visitors to their website and other web page statistics. 

This vulnerability is patched in WP Statistics 12.0.8, the latest version of the WP Statistics plugin. If you administer a WordPress site and use an older version of the WP Statistics plugin, Computing Services and Systems Development recommends that you upgrade to the latest version of WP Statistics as soon as possible.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.

ArcGIS for Faculty / Staff / Depts.

Create and edit geographic data. Includes data visualization, query, and analysis tools.


Protect Your Password

Directory Services: What is a Responsibility Center Account Administrator?

University academic and administrative units are grouped into Responsibility Centers (RCs). In order to limit the number of individuals with privileges to create and manage sponsored accounts, each RC has designated Responsibility Center Account Administrators (RC Administrators) to manage computing resources. RC Administrators assist faculty and staff with their primary accounts. They are responsible for distributing initial passwords to new University employees. They can also create sponsored accounts for approved purposes.

Walk Right In

Jon and our Support team provide walk-in assistance when you need a hand installing software, connecting to the network, or fixing your computer.