GW IT identifies email malware targeting personal financial information

Email malware has targeted users in the GW community, jeopardizing personal financial information records, according to an email from GW Information Technology Thursday.

The email states GW IT staff identified malware that aimed to compromise financial information like refunds, online transactions and invoices through links sent to users in emails. Officials said users who click the link in the emails will start downloading a document or a “password-protected zip archive,” and that the malware will launch and install if they click the link and enter the password, which is often included in the message.

“If you receive a Word or PDF document asking you to enable a macro or click on a blurred image to ‘enable viewing’ or ‘unlock’ it, DO NOT reply to it, open any attachments or click on the link,” the email states. “Similarly, do not open an unexpected password protected document that has a password listed in the body of the same message.”

Officials are urging students to avoid interacting with the emails, which might appear as replies to pre-existing email threads and “may contain links to Google Drive, Microsoft Word and PDF documents, Microsoft PowerPoint decks or research reports,” according to the email. The email could take the form of either messages sent in response to a large group email thread or messages from “new or unknown senders,” the IT email states.

A cyberattack temporarily forced The GW Hospital to move its operations offline when its majority owner, Universal Health Services, experienced technology security problems in September.

Officials said the email might include phrases like “here is a form you asked,” “here is an update of the project” and “check out my presentation.” The email from GW IT states students who “receive unexpected or suspicious looking emails” should avoid opening attachments, clicking links and selecting images to “enable or unlock viewing,” and they should forward those emails to abuse@gwu.edu.

Students with questions about the legitimacy of a link or message should contact the IT Support Center, the IT email states.
