!

Phishing

Phishing Alert: Webmail Scam Mimics Pitt Passport Login Page

Thursday, August 4, 2016 - 11:43

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims your Webmail has been placed on "limitation" status because an unrecognized device has attempted to login. The email asks readers to click a link to keep their Pitt account safe. The link directs readers to a harmful site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam usually originates from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Your webmail is limited

We noticed a login attempt to your PITT account from an unrecognized device on Thur, August 04, 2016.    As part of our Security Agreement we have place your account on "Limitation".   

Please follow the link below to keep your PITT account safe:  

<hyperlink removed>

Thanks for taking these additional steps to keep your account safe.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Multiple Email Message Scams

Tuesday, October 25, 2016 - 15:28

 

Computing Services and Systems Development (CSSD) is responding to a series of new email phishing scams that claim to be messages requiring immediate action. These messages contain a link to a malicious Web page. These email scams appear to originate from the University or the IT Help Desk.

The following are samples of the recent fraudulent emails. If you receive one of these messages (or any message similar to it), please report it as phishing a scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Phish 1 - Subject: Meeting Notification

Phish 1 Text:

 

Dear User,

You have a meeting notification.

Click here for details. (link removed)

University of Pittsburgh

 

******************************************************************************

Phish 2 - Subject: To All Faculty\Staff

Phish 2 Text:

 

To All Faculty\Staff

Take note of this important update that our new web mail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar, web-documents and the new 2016 anti-spam version.

Please use the link below to complete your upgrade for our new Outlook Web Access improved web mail.

CLICK on FACULTYANDSTAFFUPGRADE (link removed)

Regards,

IT Service Desk Support.

 

 

Disclaimer For Henry County Schools "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this message in error, please contact the sender and delete the material from all computers."

 

******************************************************************************

Phish 3 – Subject: IT-Service Help Desk : VALIDATE MAIL ACCOUNT

Phish 3 Text:

 

Your password will soon expire in 24HRS. Please Click HELPDESK/VALIDATE (link removed) to Validate your account.

Thank you,

 

IT-Service Help Desk

******************************************************************************

The link in these phishing emails directs readers to a malicious Web page (shown below) that either mimics an Outlook Web App login page or a Pitt Passport login page and attempts to collect your username and password.

Fake Outlook Web app page

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: PITT Faculty/Staff Message Scam

Friday, October 28, 2016 - 15:19

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that the user has a new, important message from Pitt faculty/staff. The message contains a link to a malicious Web page. The email scam appears to originate from the University.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important Message from PITT Faculty/Staff

Dear Employee:

You have new important message from Faculty/Staff.

Thank You

Click here (link removed) to read

Information Technology Services(ITS)

University of Pittsburgh

 

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Please consider the environment before printing this e-mail.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page and attempts to collect your username and password.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Reminder: Beware of telephone phishing scams

Monday, November 14, 2016 - 08:46

 

Remember to be vigilant for telephone phishing scams that attempt to trick you into divulging sensitive personal data. These scams may take the form of an automated message claiming that a lawsuit has been filed against you, a call claiming to provide technology support, or even calls claiming to be from the FBI to discuss student loans or dues, delinquent taxes, or overdue parking tickets.

CSSD strongly recommends that you do not reply to unsolicited phone calls or emails from unverifiable sources. More information about phishing is available at our Web site at http://technology.pitt.edu/security/phishing-awareness. Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Multifactor Scam Mimics Pitt Passport Login Page

Friday, December 9, 2016 - 13:29

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims new authentication requirements are coming to Pitt. The email asks readers to click a link to set up Duo multifactor authentication. The link directs readers to a harmful site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam usually originates from a non-University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************* VERSION 1 OF SCAM *******************************

Subject: New Authentication Requirements Coming Soon for All PITT Users

Hello Pitt!!

Set Up your Duo University of Pittsburgh Authentication Now Click the Link Below.

<Link Removed>

Thanks

******************************************************************************

 

******************* VERSION 2 OF SCAM *******************************

Subject: Authentication Requirements for All PITT Users

Hello Pitt!!

Sign in your University of Pittsburgh email For Quick Authentication Now!  Click the Link Below.

Update button leads to fake Pitt Passport page

Thanks

University of Pittsburgh

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport Login Page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Outlook Web App Upgrade Scam

Tuesday, December 13, 2016 - 09:13

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to be from the IT Service Desk Support. The email states that Webmail has been improved and that staff and faculty should click on the link to update it. The link directs the user to a malicious Web page which attempts to steal the user's credientails. 

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: To All Faculty\Staff

 To All Faculty\Staff

Take note of this important update that our new web mail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar, web-documents and the new 2016 anti-spam version.  

Please use the link below to complete your upgrade for our new Outlook Web Access improved web mail.
CLICK on FACULTYANDSTAFFUPGRADE (link removed)

Regards,

IT Service Desk Support.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Outlook Web App login page.

[[{"type":"media","view_mode":"media_large","fid":"996","attributes":{"alt":"","class":"media-image","height":"480","typeof":"foaf:Image","width":"454"}}]]

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Pitt Quick Authentication Scam

Monday, December 19, 2016 - 16:14

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims you must sign in to your University email address for Quick Authentication. The link in the body of the email message directs the user to a malicious Web page that mimics the University's Pitt Passport login page and attempts to steal the user's credientails. The email scam usually originates from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Authentication Requirements for All PITT Users 

Hello Pitt!!

Sign in your University of Pittsburgh email For Quick Authentication Now!  Click the Link Below  

UPDATE

<link removed>  

Thanks

University of Pittsburgh

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the University's Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Message from PNC Bank Scam

Monday, December 19, 2016 - 16:32

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that the user has a new, important message from PNC Bank. The email bank asks the user to provide credentials in order to provide improved security for their account, and they need to click the link and verify their usernames and credentials. Opening the email link redirects the user to a malicious external site which then attempts to gather usernames and credentials.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important Update About Your PNC Online Baning Details

Fake TIAA page

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics a PNC login page and attempts to gather usernames and credentials.

Fake PNC Vank page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Pitt ITS Services Email Authentication Scam

Thursday, December 22, 2016 - 13:10

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that it is from "ITS Services” and states there is a new message from faculty/staff. The link in the body of the email message directs the user to a malicious Web page that mimics the University's Pitt Passport login page and attempts to steal the user's credentials. The email scam appears to originate from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important message from PITT Faculty/Staff 

Dear Employee:

You have new important message from Faculty/Staff.

Click here <link removed> to read

Thank You

University of Pittsburgh




CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Please consider the environment before printing this e-mail.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the University's Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: "IT Desk" Scam

Wednesday, August 31, 2016 - 13:43

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims your email account will be removed due to "congestion" unless you click a link to confirm it. The link directs readers to a harmful Web page that attempts to collect their username and password. The email scam usually originates from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: IT Desk

Maintenance Unit,

Due to congestion in all accounts,there shall be a removal

exercise of all used and unused Email

Accounts. IT DESK Inc would be shutting down several accounts.You will

have to confirm your Email Account. So you are required to

log on to your Online Email Account Details with the provided link below.

<LINK REMOVED>

Thank you for your co-operation

© 2016 All rights reserved.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that attempts to collect your username and password.

IT Desk scam

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.