Phishing Alert: Library Account Expiration Scam Mimics PITTCat Web page | Information Technology | University of Pittsburgh
!

Phishing Alert: Library Account Expiration Scam Mimics PITTCat Web page

Monday, July 2, 2018 - 17:49

Pitt Information Technology is responding to a new email phishing scam that claims access to your library account is expiring soon due to inactivity. The recipient is asked to click a link to reactivate their account. The link actually leads to a harmful external website that mimics the PITTCat online catalog page and attempts to collect the recipient's username and password. The email appears to originate from an external email address. 

The following is a sample of the recent fraudulent email. If you receive this or a similar message, please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Library Account Expiration  

Dear Staff/Student

Your access to your library account is expiring soon due to inactivity. To continue to have access to the library services, you must reactivate your account. For this purpose, click the web address below or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to your library profile.

<link removed>

If you are not able to login, please contact Ruth Jenkins at <Address removed>for immediate assistance

If you have any questions please check with the library in question from the following list: https://www.library.pitt.edu/askus

You can view the library's fines policies at https://www.library.pitt.edu/ask-email

Main Library

The University of Pittsburgh is a charitable body,

with registration number SC014336.

******************************************************************************

The link in the phishing email directs readers to a malicious webpage (shown below) that mimics the PITTCat online catalog page.

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement