Phishing Alert: DHL Letter Pick-up Scam

  Monday, November 23, 2015 - 2:41pm

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims you have letters from the University of Pittsburgh that are ready to be picked up. The “From” line of the email address imitates a DHL.com email address. Clicking the link in the message eventually directs you to a harmful Web page that attempts to collect your University Computing Account email address and password.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the email.

******************************************************************************

Subject: Please visit our office!

Good day!

You have (2) Letters from University of Pittsburgh.

Kindly click: Here <LINK REMOVED> for pick-up details.

Thank You!

Mail.dhl.com

******************************************************************************

The link in the phishing email directs readers to a pop-up message informing them they have been signed out of their email account and must click within the pop-up message to sign in again.

 DHL pop-up scam

Clicking OK within the pop-up message takes the reader to a malicious Web page branded to look like a DHL page (see below):

 DHL scam

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers a free version of Malwarebytes for individuals and departments. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

 

Tags: Alerts and Notifications Alerts Alerts Phishing