Feb 2025: Travel-Themed Lures Lead to Remote Management Monitoring (RMM) Tool Installation

Travel Phish Indicators

Threat Alert: Travel-Themed Lures Lead to RMM Tool Installation

  • A series of phishing messages is delivering attacks using travel reservation and invoice-themed lures.
  • The lures claim recipients have outstanding payments due, an upcoming travel reservation, or a problem with a tax refund.
  • The lures contain pressure-inducing language that directs recipients to open an attached PDF file.
  • Interacting with this file ultimately leads to the installation of the Bluetrait remote management monitoring (RMM) tool.
  • Attackers can use Bluetrait to steal credentials, commit fraud, or install additional malware.

Key Action: Report Suspicious Emails 

  • Remember that cybercriminals take advantage of strong emotions. Emails warning of outstanding invoices, unexpected upcoming travel, or tax refund issues can be anxiety-inducing. Cybercriminals capitalize on how difficult it is to think clearly in such moments.
  • Never download attachments associated with unexpected messages. Never open, preview, or download an unexpected attachment unless you are certain a file is safe. These actions can expose you to malware.
  • Report ANY suspicious emails received in your UCSF email box using the Phish Alarm button.