Phishing Alert: PNC Bank Account Validation Scam

  Thursday, January 5, 2017 - 12:56pm

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims the recipient's PNC bank account has been placed on hold. The message states the recipient must click a link to log in within five days or their account will be suspended. Clicking the link redirects the user to a malicious Web site that attempts to gather their username and password.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: New Message from PNC Online Banking

Greetings from PNC Customer service,

We were unable to validate important details about your PNC account.
Your account has been placed on hold pending additional verification.

You will not be able to log in to your account, if you do not respond within 5 days of this email your account will be
suspended and you will no longer be able to access PNC services.

To avoid suspension, follow the instruction on the link below.

Sign in to Online Banking <link removed>

PNC Bank
----------------------------------
© 2017 The PNC Financial Services Group, Inc. All rights reserved.

 

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics a PNC login page and attempts to gather usernames and credentials.

PNC phishing scam

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Tags: Alerts Alerts and Notifications Phishing