!

Phishing Alert: Email Scam Contains PDF with Link to Fake Pitt Passport Website

Monday, February 12, 2018 - 03:41

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam claiming to be from "University of Pittsburgh Admistrators Security Centre." The email appears to originate from an @pitt.edu email address. The message includes a PDF attachment, sometimes titled "PITTOPEN.PDF". The attachment claims your account has been updated and you must click a link to upgrade. The link takes readers to a harmful web page that mimics the Pitt Passport login page and attempts to collect their username and password.  

Below is a sample of the fraudulent email. If you receive a similar message, please do not respond, but report it as phishing scams by forwarding the original message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at technology.pitt.edu/phishingscams.

SAMPLE (including image of PDF attachment)

*************************************************************************************

Attachment: PITTOPEN.PDF
Subject: [PT#1175756] Important Message.
 
Announcement, You have a new message from University of Pittsburgh  Administrators Security Centre (UPASC) Download attachment below to read.

 

 

*************************************************************************************

Clicking the link in the PDF file takes readers to a harmful web page that mimics the Pitt Passport login page. The page attempts to convince the visitor to provide their username and password: 

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.