Active Malicious Email Attack

Thursday, June 3, 2021, 9:30am

TO: Campus Community
FR: Andru Luvisi, Information Security Officer

The Microsoft Threat Intelligence Center (MSTIC) has announced a wide-scale malicious email campaign primarily involving the installation of malicious software, also known as malware.  Additional technical details are available in Microsoft’s blog post.

This is a serious threat, and we wish to remind all campus community members to be especially vigilant about avoiding malicious links and attachments in email.  Phishing emails are continually sent to members of our campus community. What to do when you suspect that an email may be phishing or contains malicious content:

  • Don't respond
  • Don't open any attachments or click any links in the email
  • Never provide account credentials and passwords through email


  • Verify the contents of the message with the corresponding institution by typing in the URL yourself, or verify offline by calling them with a phone number known to you, not with any information from the email itself.
  • If you are unsure whether an email is legitimate, contact the IT Help Desk at 707.664.HELP or SSU IT will never ask you for your username and password in an email.

Additional information about phishing can be found on SSU’s Phishing FAQ website.  The computer security software company Cofense offers a handout with additional tips on how to spot phishing attempts.