Most people know that a sophisticated phishing attack has hit the campus over the past few days. It came from within the campus, and consisted of a message saying ‘Check invoice’ and had an attachment that was a .zip file. If you clicked on the link (say because it came from someone you knew, and did occasionally receive invoices) your computer was infected and it immediately began spreading the infection further.
So, for right now C&IT is blocking all .zip file attachments. And it just reinforces the message that we have been sending: ‘Don’t click on attachments you aren’t expecting’.
But there’s another lesson also. If you do need to send an attachment (and it’s not inherently a bad thing to do) say something in the email message itself about what the attachment is and why you are sending it. So instead of ‘Check invoice’ say something like ‘Here’s the invoice from the Blixeldorf Corporation that we were waiting for’. That kind of text in an email message is impossible to fake (and, of course, if the recipient wasn’t waiting for that invoice they’ll know it’s fake).
So don’t open mystery attachments, and make sure any that you send aren’t mysteries to the people you send them to.
If you do need to send a .zip file in the coming days, you can do so via Wayne Connect Briefcase.