Dear faculty, students, and staff,

The following email is also a phishing attempt. This one is forged to appear to come from President Suresh and carries a PDF attachment. The president does not send attachments in emails to the entire campus, so you should have stopped here.

If you open the attachment, you will see a Google Drive image asking you to click. If you click, you will be warned that the document is trying to open a website in your browser. You should have stopped here already, since the link goes to some website in Brazil (see the .br in the URL?).

[Screenshot 1]

If you let the browser open the link, it will open a page with several Microsoft Office icons that are meant to make you believe the page comes from Microsoft. Hold on, I thought it was from Google Drive, how did we end up with Microsoft Office here? You should have stopped long before, but in case you did not, you should stop right now.

[Screenshot 2]

If you download the file using the big blue button, that’s when I suspect ransomware will start downloading and bad things will start to happen.

I have included all these screenshots so that you understand how things progress and so that you are not tempted by curiosity to try these dangerous steps.

If you received a similar email, then please delete it. You can report that you got this at qatar-infosec@qatar.cmu.edu.

 

Khalid Sarwar Warraich | Chief Information Officer
 

From: Subra Suresh <official@andrew.cmu.edu> [mailto:zallen@worcester.edu]
Sent: Monday, December 12, 2016 4:28 PM
Subject: A Message from Carnegie Mellon University President Subra Suresh

Dear Members of the CMU Community,

Good Morning,

Here is an important document all staffs has to look at. It’s about school updates activities.

Everyone needs to read the important information carefully.

Sincerely,

President
Henry L. Hillman President’s Chair
Carnegie Mellon University
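
The red flags in this message can also be checked automatically at the mail gateway. The following is an added example, not part of the original notice: it flags a From header whose display name shows one address while the message was sent from another, an off-campus sender, and any attachment. The raw header form, the `TRUSTED_DOMAINS` set and the attachment filename are assumptions reconstructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains this campus treats as its own.
TRUSTED_DOMAINS = {"cmu.edu"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def red_flags(raw):
    """Return a list of (code, detail) warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    # An address typed into the display name is what the reader sees first,
    # so compare it with the address the message was really sent from.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and _domain(shown.group()) != _domain(addr):
        flags.append(("spoofed-display", f"shows {shown.group()}, sent by {addr}"))
    if not _trusted(_domain(addr)):
        flags.append(("external-sender", addr))
    # Any MIME part with a filename is an attachment worth a second look.
    for part in msg.walk():
        if part.get_filename():
            flags.append(("attachment", part.get_filename()))
    return flags

# Constructed sample: header values taken from the message above, MIME
# structure and filename invented for the example.
SAMPLE = (
    'From: "Subra Suresh <official@andrew.cmu.edu>" <zallen@worcester.edu>\n'
    'Subject: A Message from Carnegie Mellon University President Subra Suresh\n'
    'MIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    '--b\nContent-Type: text/plain\n\nGood Morning,\n'
    '--b\nContent-Type: application/pdf\n'
    'Content-Disposition: attachment; filename="document.pdf"\n\n%PDF-\n--b--\n'
)

if __name__ == "__main__":
    for code, detail in red_flags(SAMPLE):
        print(f"{code}: {detail}")
```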

Phishing attack: very elaborate attempt to install malware