Pitt Information Technology has identified an email phishing scam targeting faculty and staff that purports to be from the University but originates from an outside source. It is likely that the intent of the scammers is to gain access to the recipient’s Pitt accounts, as well as obtain information for use in stealing the person’s identity.
The email states that an important message is available in the employee portal and instructs the recipient click a link in the message to respond. The link leads to a malicious website that mimics Pitt Passport and asks the user to enter their username, password, social security number, and date of birth.
Note that the University does not ask users to provide their social security number or date of birth as part of the normal login process. If you entered your username and password into the malicious website, please reset your University password as soon as possible.
The following is a sample of the fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to email@example.com.
Example of Phishing Email:
Example of Fraudulent Pitt Passport Page:
Pitt IT strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
In addition, Pitt IT recommends that all students, faculty, and staff install Antivirus and Anti-Malware (Malwarebytes) Protection. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the 24/7 IT Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.