Phishing Alert: Fake Email Entitled “D&B iUpdate : Company Order Request” Contains Harmful Attachment

Wednesday, January 30, 2013

Computing Services and Systems Development (CSSD) has received reports of another email phishing scam being received by members of the University community. The email, entitled "D&B iUpdate : Company Order Request" solicits users to open an attachment that contains malware.

If you receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the emails.  The following is a sample of the recent fraudulent email:

* * * * * * * * * * * * * * * * SAMPLE * * * * * * * * * * * * * * *

From: Customer Service (D&B iUpdate) []

Sent: Wednesday, January 30, 2013 10:23 AM

Subject: D&B iUpdate : Company Order Request


D&B iUpdate : Company Request


Thank you, Your request has been successfully processed by D&B. All information has been reviewed and validated by D&B. Please Find your Order Information attach


iUpdate is D&B's Internet-based service that allows business principals to view, print, and request updates their company information.


CONFIDENTIALITY: The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above, who is an user of D&B - iUpdate service. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication, and the information contained in it, is strictly prohibited. If you are not the intended recipient, please contact D&B and immediately destroy all copies of the original message. This is an


� Dun & Bradstreet, Inc., 2000-2013. All rights reserved.

* * * * * * * * * * * * * * END SAMPLE* * * * * * * * * * * * * *

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. Symantec Endpoint Protection can be downloaded at no cost through the Software Download Service at My Pitt (


Get Help