Carnegie Mellon University
March 18, 2016

Phishing message from Farnam Jahanian via Dropbox

Thursday night starting around 9:45 PM a phishing email attack was sent to CMU email addresses.

The phishing message was a fake Dropbox shared document notification pretending to be from "Farnam Jahanian via Dropbox [official@andrew.cmu.edu]".

This phish asks users to click on a link leading to a fake Dropbox login page and provide their username and password.  The fake login page showed logos for Gmail, AOL, Windows Live, Yahoo and "other emails" and prompted with the text "To view the shared document, you are required to Login with your email address below"

This is not a legitimate e-mail and it was not an ISO phish training campaign.  ISO notified the recipients around 11:35 PM that same evening.

WHAT YOU NEED TO DO

If you CLICKED THE LINK or ENTERED YOUR CREDENTIALS:

  1. If you entered info into the phishing site, immediately change passwords for any accounts you may have entered.  For Andrew password changes, please visit: https://identity.andrew.cmu.edu
  2. Email the Information Security Office at iso-ir@andrew.cmu.edu with the following information:
  • What time you clicked on the phishing link and from what device & Internet connection?
  • What time you entered your usernames & passwords into the phishing site if you did so?
  • What types of accounts did you enter into the phishing site?  Andrew, SCS, ECE, SEI, Qatar, Silicon Valley, personal Gmail, Dropbox, other?
  • If you needed to, what time did you change your Andrew, SCS, ECE, SEI, Qatar, Silicon Valley, etc... passwords?
  • Do you use your Andrew, SCS, ECE, SEI, Qatar or Silicon Valley accounts to access University Restricted Data?
  • Do you use your Andrew, SCS, ECE, SEI, Qatar or Silicon Valley email to store University Restricted Data?

CURIOUS ABOUT PHISHING
If you are curious about the message or what phishing is, but didn't click any links in the message, please take a look at our phishing awareness page.