!

Phishing Alert: Student Organization Payment Scam

Wednesday, July 26, 2017 - 12:36

Computing Services and Systems Development (CSSD) is responding to a new email scam targeting student organizations on campus that claims the sender needs assistance in making a check payment or wire transfer to a vendor at a specific mailing address. The initial message is directed to a member of the organization, usually a board member or elected official. The message often originates from a spoofed or deceptive email address and tries to prompt the recipient to send funds to a location or address contolled by the scammer.

The following is a sample of a recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Hi Joe,

    I need you mail a check payment to a vendor for me. I will provide you with the Vendor's information you need in

making the payment. I will appreciate swift response.

Regards

John D

 *************************************************************************************

We suggest you take additional precautions by asking the following questions before proceeding to take action:

  • Do you know the sender?
  • Do you recognize the sender's email address?
  • Is the sender asking you to do something quickly?
  • Does the message imply a sense of urgency?
  • If you were to “Reply-To” the email, does the email address you are replying to match the address you received it from, and do you recognize it?
  • Were you expecting this email?
  • Does the request make sense, and seem normal?

CSSD strongly recommends that you do not reply to unsolicited emails, emails from unverifiable sources, unknown phone calls, or communications coming from other suspicious sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.