Phishing Alert: “Salary increase letter” with malicious password-protected attachment
Posted on
January 4, 2023
Information Security Advisory
Please be advised that a recent phishing message targeted a large number of York users with a fake salary increase notice letter. The “letter” is a PDF attachment that contains a link to a fake York login designed to steal passwords. The attachment itself has been password protected by the sender to try and avoid detection by email security mechanisms and anti-virus software. The message has been removed from all York mailboxes and the fake York login site has been taken down, however anyone who may have clicked on the link and entered information to it prior to that is asked to contact Information Security immediately to ensure their account is protected.
Thank you to all the community members who correctly identified the message as malicious and reported it using the “report phishing” button, these reports help with rapid detection and proactive removal of such messages.
Additionally, please keep in mind these safe online practices:
Always be on guard with emails allegedly providing or requesting sensitive information, financial transactions, or that insist on immediate response.
Do NOT click links or open attachments in unsolicited email from people or groups you don’t recognize; be aware that password-protected documents are sometimes used to “hide” viruses and malware from security software.
For familiar contacts or expected messages, examine the “From” field of email messages to verify the sending address is correct – be wary of different spellings of the sending email address that could indicate fraud.
For links within email messages, use the “hover over” technique to validate the actual location it will send you to – move the mouse pointer over a link (without clicking!) and wait a moment; most email programs will show the real web location the link will take you to – if it does not match what you expect that could indicate fraud.
Take the York Cyber Secure online training, available to all staff and faculty: