Phishing Alert: Malicious Email Attachments

A phishing campaign targeting individual UH email accounts and UH listservs have sent malicious emails originating from different senders with an attached excel spreadsheet. Many of the emails come from various international senders that do not have a hawaii.edu email address.

The malware-infected excel spreadsheets contain keystroke loggers that will capture anything that is typed and a screen grabber to capture images of your screen. The malware will also download additional malicious software that can encrypt your entire hard-drive (ransomware) and compromise other computers on your network.

If you receive an unsolicited email, do not open any attachments (especially excel spreadsheets) without confirming the validity of the sender.

You should also check to see if there is a non-hawaii.edu “Reply-to” address on the message:

  1. Log in to Gmail using a web browser.
  2. Open the message you’d like to view headers for.
  3. Click on the “three horizontal dots” next to the Reply arrow, at the top of the message pane.
  4. Select “Show Original”.

If you have opened an attachment, do not enable macros (Don’t click on “enable content” in the warning bar) and do not ignore any security warnings. Additionally, if you notice that the attachment contains an embedded document or the contents are gibberish or missing, do not click on anything. The malware-infected excel spreadsheets are not being detected by most anti-virus software at this time.

To prevent macros from running in Microsoft Office documents, you should do the following:

  1. Open a blank Microsoft Office File
  2. Click on “File” then “Options”
  3. Click on “Trust Center” then “Trust Center Settings”
  4. In Trust Center, click “Macro Settings”
  5. Click on “Disable all macros without notification”
  6. Repeat for each Microsoft Office file type (Word, Excel, PowerPoint, etc.)

For more information about targeted phishing attempts, please visit the UH Information Security Spearphishing page: https://www.hawaii.edu/infosec/spearphishing

If you would like to report a suspected phishing attempt, please forward the email to: phishing@hawaii.edu