Scam recipients were notified shortly after receiving the scam.
Posted Jul 19, 2024 - 08:36 EDT
Monitoring
Pitt Information Technology has identified a surge in email phishing scams advertising fraudulent job opportunities designed to gain access to University systems or scam the recipient out of money. Pitt IT is taking action to address the most recent version of this scam, which attempts to convince recipients to click a link to a Google Form and provide their personal information.
The Subject line may be similar to these examples:
• VITAL NOTICE!!! • IMPORTANT ALERT!!! • VITAL NOTICE! • IMPORTANT NOTICE! • VITAL STUDENT/STAFF UPDATE!
The body of the email message may be similar to this example:
**********
READ URGENTLY!
Are you a student or staff in need of a remote part time job that earns you over $850 weekly?
Currently on-going is a great employment program aimed at assisting students and staffs with a part time cash paying job that is flexible enough to fit into your daily schedule. Work requires very little time and can be done with your just your mobile phone and your computer.
Interested persons should CLICK HERE [link redacted] immediately for details and APPLICATION [link redacted].
[Google form image/link redacted]
**********
Individuals who have already responded to this scam should block the scammer’s email address and/or phone number and be vigilant about reviewing any messages received at the email address they provided.
The University Career Center provides detailed guidance for Identifying and Avoiding Fraudulent Jobs and Scams on its website. Additional guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:
• Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services. • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it. • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams. • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately. • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.
Please contact the 24/7 IT Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.
Posted Jul 18, 2024 - 16:13 EDT
This incident affected: Security Alerts (phishing scams, new vulnerabilities, etc.).