Dear faculty, students, and staff,

We have seen cases in Education City of malware being delivered via Arabic encoded URLs (such as http:// تحميل.xyz). This is different from what we have been typically seeing in phishing attacks where the malware is delivered via an attachment such as a PDF or docx file. The phishing email including the URL will usually be disguised as a “Software Update” or something similar to try and trick you into clicking on the link and then run the file and run the file that is downloaded. Note that the malicious file is downloaded automatically when the link is clicked. However you would still need to double click the malicious file to execute it and infect your machine.

As with this or any other message you receive in which you are unsure if it is malicious, please forward them to us at Qatar-infosec@qatar.cmu.edu. We will be happy to check and verify that the message or link is legitimate or malicious.

Jerome Marella | Director, Core Infrastructure and Services

Phishing alert: a different method to infect your machine