Phishing Alert: Fraudulent Billing Statement Scam Mimics Pitt Passport Login Page | Information Technology | University of Pittsburgh

You are here

Phishing Alert: Fraudulent Billing Statement Scam Mimics Pitt Passport Login Page

Monday, July 24, 2023 - 20:49

Pitt Information Technology is aware of a new scam advertising a fraudulent billing statement for courses taken in the summer 2023 term. The scam, which may appear to originate from an external email address or a address, indicates that payment is due in full. The email message includes links that claim to direct recipients to myPitt or a billing page. The links actually open a harmful website that mimics the Pitt Passport login page and attempts to capture the recipient’s login credentials

Below is a sample of the scam. Pitt IT is contacting individuals who received the scam and advising those who may have provided their credentials to change their University Computing Account password immediately.


Subject: New Billing Statement Uploaded 

A new statement has been issued for your account for the Summer 2023 term.

Amount Due:  $1,062.75

All amounts are due in full. Payment plans are not an option.

Payment Deadlines:

July 24 -Courses starting

Drop/Refund Dates:

14-week courses- 100% first 4 days and 75% second 4 days

10-week or less courses- 100% first 2 days and 75% second 2 days

myPitt Online Contact Information:

Check your status – myPitt (link removed)

Access Statement:

  • Log into myBill  (link removed)
  • Click on View Statements (link removed)


Students are responsible for monitoring their student account and staying aware of current charges/account balances


Additional guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.