Dear faculty, students, and staff,
You may have received an email from an unknown sender disguised to come from an @qatar.cmu.edu address. The two I received were:
From: Ernest [mailto:Ernest081@qatar.cmu.edu] Sent: Monday, August 22, 2016 12:47 PM Subject: Today's fax From: Raymond [mailto:Raymond4@qatar.cmu.edu] Sent: Monday, August 22, 2016 1:06 PM Subject: Today's fax
These emails have a Macro Enabled Word file which has a .docm extension. If you open this file, the malware will start to (most likely) encrypt your files and later demand a ransom for decrypting them.
Please do not open these attachments and just delete the sent emails. In fact, do not open any attachment if you are not absolutely sure of its origin and safety. You can forward any suspicious email to qatar-infosec@qatar.cmu.edu and we will review the email and let you know if it safe or malicious.
You can learn more about how such attacks work on our website at:
https://it.qatar.cmu.edu/phishing-attack-attempt-to-install-malware/
If you mistakenly opened the file, please contact us immediately at qatar-infosec@qatar.cmu.edu.
Oh, by the way, welcome back to a new academic year. I wish all of you a successful and safe academic year.
—
Khalid Sarwar Warraich | Chief Information Officer