Recent Phishing Campaigns (January 31)
Many users have reported receiving phishing emails that claim to be from senior USC administrators. These phish share the following characteristics:
- They ask you to open PDF attachments or click embedded links to access important or encrypted information.
- They contain no substantive content.
- Hovering your mouse over the From: field shows that the message comes from a non-USC email address.
As phishing campaigns become increasingly sophisticated and harder to detect, we urge you to use extreme caution when clicking links in messages or attachments you receive from unknown senders. While antivirus programs may automatically scan messages for embedded malware, they do not normally scan for malicious links in attachments.
ITS encourages you to consider the following tips when handling suspicious email:
- If you are unable to see or do not recognize a link’s destination URL, do not click the link.
- Never provide personal information, such as your passwords, social security number, or bank information, on a website you access by following a link in an unsolicited email or attachment.
- If you must open an email attachment, first scan it using your antivirus software. To scan an attachment on a PC or Mac running USC’s free Sophos Antivirus, save the attachment to your desktop, right-click the file, and choose Scan with Sophos Antivirus.
If you think you received these recent phish and have replied, opened the attachments, or provided your login information on an unknown website, change your USC password as soon as possible by going to the Popular Topics menu bar on the ITS website and clicking the link labelled change your password.