To: All Employees and Students
Christian Schreiber, University Information Security Officer
Subject: Phishing Alert
Date: April 18, 2013
The University of Arizona has been alerted that there is a phishing campaign using the Boston Marathon bombings that occurred April 15, 2013. Users are sent an email that contains a link that, when clicked, may install malware on computers.
Spammers often exploit current events, particularly those of a tragic or sensational nature, to spread malware or gain access to computing resources. UA Information Security cautions all faculty, students and staff to exercise additional caution, and to stop and think before clicking on Web links, emails and Facebook posts related to this topic. Instead, go to major or trusted news websites for information.
Following is a sample of subject lines that have been used in conjunction with this phishing campaign:
- â€œ2 Explosions at Boston Marathonâ€
- â€œAftermath to explosion at Boston Marathonâ€
- â€œBoston Explosion Caught on Video"
- "BREAKING - Boston Marathon Explosion"
- "Video of Explosion at the Boston Marathon 2013"
- "Runner captures. Marathon Explosion"
If you receive an unsolicited email or you are unsure of the sender:
- Do Not Reply
- Do Not Click on any links
- Do Not Open any attached files
- Delete the message immediately
If you have received an email such as that described above, and have responded to the email or clicked on the link, please contact your local IT support as soon as possible, or contact the 24/7 IT Support Center (626-8324) for further information.
We have illustrated examples of phishing scams at security.arizona.edu/phishingexample. We encourage you to safely practice examining this example by opening a browser (i.e., Internet Explorer, Google Chrome, etc.), and copying and pasting the URL into the browser window.
Refer to security.arizona.edu/phishing for additional information and advice about these and other kinds of email phishing attacks.