Phishing Alert: Pitt ITS Services Email Authentication Scam | Information Technology | University of Pittsburgh

Phishing Alert: Pitt ITS Services Email Authentication Scam

Thursday, December 22, 2016 - 13:10


Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that it is from "ITS Services” and states there is a new message from faculty/staff. The link in the body of the email message directs the user to a malicious Web page that mimics the University's Pitt Passport login page and attempts to steal the user's credentials. The email scam appears to originate from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to Detailed instructions on reporting scams are available at


Subject: Important message from PITT Faculty/Staff 

Dear Employee:

You have new important message from Faculty/Staff.

Click here <link removed> to read

Thank You

University of Pittsburgh




CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.




Please consider the environment before printing this e-mail.


The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the University's Pitt Passport login page. Remember that the real Pitt Passport login page always begins with in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.