Pitt Information Technology has identified two new email phishing scams targeting the University. Both scams attempt to trick the reader into providing their University password on a fake login page.
Scam 1: Your Mailbox Is Almost Full
The first scam claims that the recipient’s mailbox is almost full. The message may come from an email address outside Pitt, or it may appear to come from a Pitt user. Below is a sample of the scam.
Subject: Your mailbox is almost full.
Your mailbox is almost full.
Your mailbox will no longer be able to send messages once it's full, until you increase or maintain and manage your mailbox storage.
Visit the Outlook Office Portal and sign in to increase and manage your mailbox Storage.
ITS Service Desk
The message contains a malicious link that directs recipient to a simulated Office 365 login page like the one shown below, where they are prompted to enter their username, email address, and password.
Scam 2: Employee Assistance Program Cash Incentive
The second scam claims that University faculty and staff can apply for $3,700 in cash assistance through the Employee Assistance Program. Below is a sample of the scam.
Subject: FW: Employee Assistance Program (E.A.P)
The Employee Assistance Program (E.A.P) has decided to support all employees with cash assistance as part of a benefit plan to help staff/employees get through the hard times due to the COVID-19 pandemic.
The Employee Assistance Program will provide $3,700 in assistance to all qualified employees after applications are reviewed, processed, and approved.
Visit the E.A.P Support page follow all instructions carefully, and enter the most appropriate details to apply.
Note: the support program is only available to qualifying employees. All the information requested is required for your application to be processed.
Employee Assistance Program.
COVID-19 Support Team.
The message contains a link that directs recipient to a malicious webpage like the one below that attempts to collect their username, email address, and password.
If you receive these messages (or any message similar to them), please report them as phishing scams by forwarding the email messages as attachments to firstname.lastname@example.org. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.
Pitt IT strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
In addition, Pitt IT recommends that all students, faculty, and staff install Antivirus and Anti-Malware (Malwarebytes) Protection. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the 24/7 IT Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.