Pitt Information Technology is aware of a Microsoft 365 phishing scam targeting the University of Pittsburgh community. The scam claims that all the recipient’s emails and Word, Excel, and PowerPoint files will be deleted unless they update their Microsoft 365 account. The email contains a QR code that takes recipients to a harmful website that attempts to collect their Pitt credentials. The scam originates from a pitt.edu email address and typically uses “ACT FAST NOW !!!” as its Subject.
Pitt IT is contacting individuals who received the scam and advising those who may have provided their credentials to change their University Computing Account password immediately. The following is a sample of the scam:
Subject: ACT FAST NOW !!!
Dear PITT User,
We accepted a request to deauthorize or delete your Microsoft 365 Login: due to having two separate (college/universities) accounts on Microsoft 365 platform or service.
Your organization's IT department has begun the deauthorize or delete process. If you did not authorize or initiate these actions and you have no knowledge of it, you are advised to re-verify your account Login.
If you have only one college account, fill in the correct user and passcode then submit. But if you are in a dual credit college, Pls fill in the correct username and password for both school and submit.
Failure to re-verify will result in the closing of your account and you will lose all your files (includes a suite of productivity applications such as Word, Excel, PowerPoint, Outlook, and more, along with cloud services like OneDrive and Microsoft Teams.) on these Microsoft 365 accounts. Login.
Please give us 24 hours to deauthorize or delete your Account Login if you authorize or initiate the request.
To re-verify or deauthorize or delete your Account. Login
Scan a QR code to your phone/ Be sure to turn on QR code on camera settings.
Additional guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:
- Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
- Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
- Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
- Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.
Please contact the 24/7 IT Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.