New Phishing Scam Asks You to Verify Your Webmail Account on Fake Pitt Web site

Tuesday, March 19, 2013

Computing Services and Systems Development (CSSD) is responding to another email phishing scam that is being received by members of the University community. The email mentions the typical fake scheduled maintenance and password reset request; in reality, it is a phishing scam designed to entice users to follow a link to a fraudulent Web page and to enter their personal login information.

If you receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the emails. The following is a sample of the recent fraudulent email, and a screen capture of the associated fake Web page.

* * * * * * * * * * * * * * * * SAMPLE * * * * * * * * * * * * * * *

From: University of Pittsburgh Admin [ ]

Sent: Tuesday, March 19, 2013 8:23 AM

Subject: Important Notice

We would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our webmail service and as a result of this; our client has been changed and your original password will reset. We are sorry for any inconvenience caused.

You are to Verify your webmail Account by clicking the link below;

If you can't click the above link, copy and paste on your browser address.

* * * * * * * * * * * * * * END SAMPLE* * * * * * * * * * * * * *

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. Symantec Endpoint Protection can be downloaded at no cost through the Software Download Service at My Pitt (

Get Help