Phishing Alert: Fake Email Claiming to be Authorization Form for Vehicles Used on State Business Contains Harmful Attachment
Thursday, October 10, 2013
Computing Services and Systems Development (CSSD) is responding to an email phishing scam being received by members of the University community. This email claims to contain an authorization form that must be signed by anyone using a privately owned vehicle on state business.
If you receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the email. As a reminder, no legitimate organization - including Computing Services and Systems Development - will ever ask for your password over email or on the phone.
The following is a sample of the recent fraudulent email:
* * * * * * * * * * * * * * * * SAMPLE * * * * * * * * * * * * * * *
Date: October 10, 2013, 11:32:41 AM EDT
Subject: Annual Form - Authorization to Use Privately Owned Vehicle on State Business
All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement.
The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor.
Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.
* * * * * * * * * * * * * * END SAMPLE* * * * * * * * * * * * * *
CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. Symantec Endpoint Protection can be downloaded at no cost through the Software Download Service at My Pitt (my.pitt.edu).