What makes this a Phishing message?
There has been a recent spate of email messages to campus carrying the Locky ransomware in file attachments. The messages are very similar in format, content and style:
- Note the suspicious email addresses - the formats are identical. The first is from a domain in Brazil.
- Similar to spam messages generated by spambots, these messages have generic greetings and are not directed to a specific person.
- Both have the same signature, with the same spelling mistake ("King regards").
Opening the attachment would result in encryption of all files on the computer (and possibly network shared drives) and a ransom message would appear on the screen. The best way to recover from Locky is to restore the files from a clean backup.
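The indicators listed above can be turned into a triage check for reported mail. The Python below is an added example, not part of the original notice; the regular expressions, the `build` helper, and the sample senders and bodies (example.net / example.edu) are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Indicator 1: sender local part shaped like "Name.12345", as in both messages.
SENDER_RE = re.compile(r"^[A-Za-z]+\.\d{4,5}$")
# Indicator 2: greeting with no recipient name (assumed list of generic openers).
GREETING_RE = re.compile(r"^\s*(hi|hello|dear (customer|user|sir|madam))\s*[,!.]?\s*$", re.I)
# Indicator 3: the misspelled sign-off shared by both messages.
SIGNOFF_RE = re.compile(r"\bking regards\b", re.I)

def indicators(raw):
    """Return the sorted names of the indicators a raw message matches."""
    msg = message_from_string(raw)
    hits = set()
    local = parseaddr(msg.get("From", ""))[1].partition("@")[0]
    if SENDER_RE.match(local):
        hits.add("sender_format")
    text = []
    for part in msg.walk():
        if part.get_filename():  # any named attachment; Locky arrived this way
            hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            raw_bytes = part.get_payload(decode=True) or b""
            text.append(raw_bytes.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text)
    first = next((line for line in body.splitlines() if line.strip()), "")
    if GREETING_RE.match(first):
        hits.add("generic_greeting")
    if SIGNOFF_RE.search(body):
        hits.add("signoff_typo")
    return sorted(hits)

def build(sender, body, attachment=None):
    """Construct a sample message as a string (test data only, harmless bytes)."""
    m = EmailMessage()
    m["From"] = sender
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()

SUSPICIOUS = build("Jordan.48213@example.net", "Hi,\n\nSee the attached file.\n\nKing regards,\nJordan\n", "invoice.zip")
BENIGN = build("it.helpdesk@example.edu", "Hi Alex,\n\nYour ticket is closed.\n\nKind regards,\nIT\n")

if __name__ == "__main__":
    print(indicators(SUSPICIOUS))
    print(indicators(BENIGN))
```

No single indicator is conclusive on its own; a message that matches several of them together with an attachment is the combination worth quarantining for review.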
Original Messages:
From: Curtis.8271@brasiltelecom.net.br

From: Richmond.87413@ontheriverwoodstock.com
Hi,