Other ways to search: Events Calendar | UTHSC

Cybersecurity Scam of the Week – Fake Copyright Infringement Emails Install Ransomware


Scammers are now using an interesting ploy involving the use of fake copyright infringement emails sent to recipients under the pretense of having used media files without the creator’s license. The emails invoke a need for action by demanding the recipient to remove the content in question from their websites or face legal action. 

The emails, accompanied by a malicious attachment, do not specify exactly what files were unfairly used within the context of the email and instead point the recipient to download and open the file. The attachment is specially crafted to evade detection from email security tools and is a password-protected ZIP archive containing a compressed file with a malicious executable disguised as a PDF document.  


If the recipient opens the malicious file, the malware will be executed leading to the encryption of their device with the LockBit 2.0 ransomware.  

Bleeping Computer has the complete article

What has been reported to Abuse this past week?

  • [Ext] Uthsc.edu Password Warning – a phishing email warning the recipient that their password is expiring today but there is a handy, dandy link to click on to keep their same password. This is not the policy or procedure for UTHSC password management. And an email about our password warning wouldn’t come from an email address from Poland. 
  • [Ext] RE:Changes in DD Details – someone pretending to be someone in our community wanted to change their banking information for their direct deposit. This email requesting a change is outside of UTHSC policy. Official information about payroll can be found here
  • Email Verify – notice there is no [Ext] at the beginning of this Subject line. An account from another UT campus was compromised and started sending out phishing emails. This one was about another password expiration that needed to be urgently addressed. 
  • School News – same compromised email address tried another tactic of a too good to be true part-time job scam. 
  • UTK NEWS – another compromised email address, but the same part-time job scam. This might have worked better if they only limited recipients to UTK email addresses instead of UTHSC. 
  • [Ext] Order #9841320792058 – an email that looked like it came from Best Buy’s Geed Squad, but the email address was a Gmail account. They conveniently provided a phone number to dispute the charge, in the hopes that the recipient would call so they can get banking information to “verify the charge”. 
  • [Ext] Item shared with you: “ADMIN WORK-ORDER FILE.pdf”– from an outside email address, this phish is wanting the recipients to click on a link that “Dr. Buckley Peter” “sent”. 

Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.