Get a duplicate e-mail? It may be malware

A recent phishing and malware attack has been seen affecting campus affiliates.  This attack looks through a computer or filesystem for saved .pst files (Outlook mailboxes stored locally), and resends e-mail to individuals who have previously received e-mails from the victim, but the e-mails now contain copies of the same malware.  This malware can be delivered as an attachment that replaces the original attachment or as link to a malicious site.    These e-mails are being sent from external senders (not the original sender) masquerading as the original sender. These e-mails would have previously been seen by the recipient, and may not make sense in the current context.  For example, the e-mail could be referencing a document or meeting that was completed up to a year ago.  

Because these e-mails are being resent and mimic legitimate content, the ISO cannot explicitly block all such messages.

Remain vigilant for suspicious e-mails, even from known sources.  Please report them to the ISO (iso-ir@andrew.cmu.edu , 412-268-1044, or via phishAlarm).