Dear faculty, staff, and students,

The email shown below is an attempt to steal your password. The email requests you to send copies of your published papers with links to the papers in the email.

However, one of the links is to a faked website that looks like our AndrewID login page. If you look at the link’s URL, it starts with “http://login.cmu-edu.in/…” Note that there is a hyphen (-) between “cmu” and “edu” and the website is registered in the Indian top level domain (ends with “.in”). If you don’t look to carefully, you might be tricked into entering your AndrewID and password on that page which will let the phisher steal them.

Please forward any similar emails that you may have received to qatar-infosec@qatar.cmu.edu and then delete them from your account.

If you inadvertently clicked on the link and entered your username and password on that page, then please contact us immediately (call 5596-3818 or email qatar-infosec@qatar.cmu.edu) so that we can help you secure your account.

Thank you.

Khalid Sarwar Warraich | Chief Information Officer

 

From: [deleted]

Date: October 11, 2016 at 17:38:04 GMT+3

To: [deleted]

Subject: Re:

Reply-To: [deleted]

Hi

Dear Dr. [deleted];

I recently read your last article and it was very useful in my field of research.

I wonder, if possible, to send me these articles to use in my current research:

1- http://login.cmu-edu.in/[…deleted]

2- http://www.sciencedirect.com/science/article/pii/S016541011500018X

Thanks for you Cooperation in Advance.

Dr. Jason Dutton
La trobe University
Faculty of Art
Department of Economics

Phishing alert: new cover story to steal your password