Phishing Alert: Help Desk Support Scam | Information Technology | University of Pittsburgh

Phishing Alert: Help Desk Support Scam

Wednesday, July 20, 2016 - 08:39


Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims your must update your email account to prepare for an upgrade to "Outlook 2017 Web Access". The link in the email scam directs readers to a harmful Web page that attempts to collect your username and password. The email scam usually originates from an address outside the University and typically uses the Subject line "Help Desk Support".

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to Detailed instructions on reporting scams are available at


Subject: Help Desk Support


Please read attach message from Help Desk Support. You are required to follow the activation procedure.

Thank you.

Help Desk Support

CONFIDENTIALITY NOTICE: The materials in this electronic mail transmission (including all attachments) are private and confidential and are the property of the sender. The information contained in the material is privileged and is intended only for the use of the named addressee(s). If you are not the intended addressee, be advised that any unauthorized disclosure, copying, distribution or the taking of any action in reliance on the contents of this material is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to the e-mail, and then destroy it immediately. Thank you.


The link in the phishing email directs readers to a malicious Web page that looks similar to the one shown below. The page attempts to collect your username and password.

Fake Outlook Web App login

This phishing scam also contains an attachment with more details about the purported "upgrade". A screenshot of the attachment appears below:

Phishing attachment screenshot

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.