Warning concerning targeted malicious attacks at TCU

Who should be concerned?
Anyone who gets an unexpected email with an attachment, especially those with the extension “.doc”.

What happens?

If the user double-clicks on the attachment to open it (and enable editing for MS Office attachments), malware will be downloaded to your computer.

Why should I be concerned?

The malware will record all the passwords you type into browsers and can use them or sell them. This includes banking and other sites even those using https encryption.

 What do these emails look like? (See examples below)

  1.  They contain attachments with the extension “.doc” though they may have other extensions e.g. “.docx”, “.pdf”, “xlsx.”
  2. Attachments we have recently seen are named “Invoices Overdue,”, “loan application” or “sued used.”   (there could be similar ones in the future)
  3. The emails seem to be coming from compromised accounts from legitimate businesses.
  4. Importance set as High.

What to do with any Attachments?

  1. Never open (or double-click) an attachment which you are not expecting.
  2. If you single-click on the document inside the email in order to preview it, you should see the contents. If it tells you to enable editing…Don’t!
  3. Forward the email to phishing@tcu.edu and we will check it out.
  4. Even when you open a possibly safe attachment, never enable editing unless you have to.
  5. If you accidentally open an Attachment and see this, do not enable.  This is not a Microsoft message.
mailcious attachment - orig

Recent Examples of phishing emails with attachments:

1. Invoice attachment exampleinvoice2. Loan attachment example


3. Subpena attachment example