Security Advisory: "You have voicemail!" malware

Univeristy of Regina email users should keep their eyes peeled for a phishing attempt which trys to appear as a legitimate, automated the voice mail service. The message has a subject line “You have received a voice mail from 603-###-####”. The body of the email contains the fake data about the voicemail and caller, and a link to download the voice message. The link will download malware onto the user’s computer.

Scammers earn the trust of the recipients through social engineering tactics, such as including information that looks correct and appropriate to be receiving in the visual voicemail email. An “Email ID” that appears to be coming from an internal email address at the recipient’s organization, as well as a “Download Message” link that appears to host the fake audio file on the recipient’s organization’s domain, are throwing off recipients and causing them to trust the email enough to click on the download link.

The message is not legitimate and does not originate from the University of Regina.  There is no voice mail to be retrieved.

In this case, note that the sender is not a valid email address, and the link to the voice mail message is a suspicious looking URL, as circled in blue.

Ensure to hover over any links in emails prior to clicking on them.  This will reveal the URL of the link's target without clicking on it.

In this case, the URL go to externally hosted sites which are designed to deliver malware.  

Valid emails from the University will come from a Uregina.ca email address and will be hosted on a Uregina.ca URL.

The link provided in the email address attempts to infect the computer with malware. Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.

Once installed on your computer, these programs can seriously affect your privacy and your computer's security.

If you received this message, please delete it immediately if you have not already done so.   If you clicked on the link in the email, please contact the IT Support Centre as soon as possible as your system may have been infected, and requires a malware scan.  Additionally, if malware protection is not installed, up to date/current, or is not running, it is recommended that you ensure a malware scan has been completed.

Users should also ensure that macros are do not run by default across their Office suite. Users with managed machines and Office 2013 installed will already be configured as such.

See the Malware Resources page.

Please contact the IT Support Centre if you require assistance:

In person at ED 137 or Archer Library Main Floor Commons

Phone 306-585-4685
Email IT.Support@uregina.ca
Webform https://www.uregina.ca/is/forms/ticket.html
In person at ED 137 or Archer Library Main Floor Commons