It has come to our attention from another institution that someone is attempting a non-email form of phishing attack. A small number of people at multiple sites are getting physical (snail) mail, not email, indicating a possible security issue they should be aware of. Details are supposedly included on an enclosed DVD.
The DVD contains an executable you are supposed to run that contains the details. In reality it contains a trojan horse that snaps a screenshot every few seconds and uploads it to a remote command/control site. The malware runs as the user, and isn't picked up by antivirus.
Individuals targeted range from upper management to researchers/student assistants. If you receive such a package, please DO NOT insert the DVD into your system. Contact InfoSec [at] mcgill.ca to report the incident.