Phishing Alert: Dropbox Notice Claims to Share File

  Wednesday, March 1, 2017 - 4:58pm

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to be from the University. The fraudulent email claims to contain information about a Dropbox file that has been shared with the recipient. It includes a malicious link that that directs the user to a malicious domain. On that page, the user is asked to choose their email provider and then is presented with a login form which attempts to steal the user's credentials.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Re: View Dropbox Document

pitt.edu shared a file with you!
                            secured file

Phishing scam login link

University of Pittsburgh logo

4200 Fifth Avenue
Pittsburgh, PA 15260
Phone: 412-624-4141

******************************************************************************

The attachment in the email contains a Web form (shown below) that asks you to select your email provider and attempts to collect the reader's username and password:

Phishing scam login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Tags: Alerts