Phishing Alert: Lab Line Scam Mimics Pitt Passport Login Page

  Saturday, June 10, 2017 - 12:38pm

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to provide a link to the Lab Line service to check the availability of computers in the computing labs. The link actually takes visitors to a harmful Web site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a Gmail email address that begins with helpdesk.pitt.   

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: Important : Lab Line-Check Lab Availability

Find out which lab has available Windows, Mac, or Linux computers before you get there. There are four easy ways to check:

1.See the lab status table below.

2.Visit Pitt Mobile (m.pitt.edu)[link removed]  with your smart phone or mobile device, and select Computing Labs.

3.Check one of our digital signs in the labs or around campus.

4.Text a keyword for a specific lab to 41411 (standard text messaging charges will apply). Keywords: ALUMNI, BENE, CLG27, CLG62, DLHALL, HILLM, SUTH. You can also text LABS to 41411 to receive a list of these keywords as a text message.

4200 Fifth Avenue  

Pittsburgh, PA 15260  

412-624-4141

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Tags: Alerts