Phishing Alert: Free Items Offered in Exchange for Shipping Costs | Information Technology | University of Pittsburgh
!

You are here

Phishing Alert: Free Items Offered in Exchange for Shipping Costs

Friday, December 1, 2023 - 10:55

 

Pitt Information Technology is taking action to address a new variation of a phishing scam that claims to offer free items to those who are willing to pay shipping costs. The scam originates from a “students.manateeschools.net” email address and asks recipients to reply with their personal email address to arrange delivery of the items.

The Subject line may be similar to these examples:

  • Christmas Carol Gift!!!
  • Christmas Support
  • Christmas Reward!!
  • Holiday Support
  • FESTIVE REWARD
  • HOLIDAY NOTICE

The body of the email message may be similar to the following example:

**********

As the Christmas period draws closer, we are pleased to bring to your notice that one of our Old Graduate, [name redacted] is currently endowing and generously offering to give away her late father's favorite properties. Amongst the items available are a neatly used

  • Apple MacBook Pro
  • PlayStation 5
  • Canon Camera (EOS 800D)
  • Guitar (Eric Clapton's 1939 Martin OOO-42)
  • Violin
  • 2014 Baby Grand Piano (Yamaha)

It's essential to let you know these gadgets are offered for free, with a dispatch agent available. [Name redacted] is offering to have them delivered directly to your home, and to facilitate this a dispatching fee is required regardless of the destination.

We encourage those interested to reach out to [name redacted] via [email address redacted] with your personal email address (NOT SCHOOL EMAIL), as these items are sure to find new homes quickly. Don't miss this opportunity to obtain these remarkable pieces.

**********

Pitt IT is contacting individuals who received the scam and advising them to block the scammer’s email address and be vigilant about reviewing any messages received at the email address they may have provided to the scammer.

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.