Pitt Information Technology has received reports of a new email phishing scam that claims to be a DocuSign approval request. The recipient is asked to click a link to review and sign documents. The link actually leads to a harmful document stored in a cloud service like SharePoint, OneDrive, or Dropbox. The document may download harmful software or prompt the reader to share their password. The scam often uses an .edu email address and may appear to originate from another university or educational institution.
Below is a sample of the recent fraudulent email. If you receive an email similar to the one below, make sure to verify with the original sender that it is a valid DocuSign approval request before taking any action.
If you receive a message you believe to be a scam, please report it by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at our phishing awareness page.
**********************************
From: Doe, Jane Doe <edu address>
Subject: Your Approval is required
Regards,
Jane Doe
**********************************
Pitt IT strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain malicious software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
In addition, Pitt IT recommends that all students, faculty, and staff install Antivirus (Symantec Endpoint) and Anti-Malware (Malwarebytes) Protection. Both are available at no cost through the Software Download Service. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.