This is posted to bring awareness to people that phishing attacks also happen via letter mail, other than telephone and emails. It has come to our attention from another institution that someone is attempting another form of phishing attack. A small number of people
at multiple sites are getting physical mail, not email, indicating a
possible security issue they should be aware of. Details are supposedly
included on an enclosed DVD. Individuals targeted range from upper
management to researcher/student assistant. Nobody is safe.

The DVD contains an executable you are supposed to run that contains
the details. In reality it contains a trojan horse that snaps a
screenshot every few seconds and uploads it to a remote command/control
site. The malware runs as the user, and isn't picked up by antivirus.

If you receive such a package, please get in contact UIT Client Services as soon as possible. DO NOT insert the DVD into your system.

UIT Information Security