Beware of latest file sharing phishing attempt - Feb 2021
The UCT Computer Security Incident Response Team (CSIRT) is investigating a new phishing attempt that asks you to open a shared file. The email contains a PDF attachment as well as a link to a shared document. By clicking on either you’re redirected to a webpage that resembles the Microsoft login page.
What do I do?
If you receive such an unexpected email request, even if it looks like it is from one of your contacts or a legitimate company, please do not click the attachment or link. First contact the individual to verify that they sent it.
If they did not send it, please inform the IT Helpdesk immediately by sending the email on to firstname.lastname@example.org. You can then delete the email. The same advice applies to any suspicious emails you receive on your UCT account.
If you have already clicked the attachment or link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your UCT password.
What happens if I clicked the attachment or link and entered my details?
If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:
- On a device that you know to be free of malware and infection, change your password.
- Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
- Run a full antivirus scan on the machine you used to enter your details.
- Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
- NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
- Do not open attachments unless you can verify the sender and the nature of the attachment.
- Don't open emails of unknown origin.
- Don't click on links in emails if you cannot recognise where the link directs you.
- Don't reply to spammers asking them to remove you from their mailing list. Replying just confirms your email address as valid, which encourages them to send you more spam.
- Don't forward chain letters or marketing material.
- Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at email@example.com. You can report any other cybersecurity issues to the CSIRT at firstname.lastname@example.org.