Welcome to
Information Security

The Information Security Office at RIT is here to help! We offer resources and assistance to keep the campus community safe and secure from Internet and various other online threats.

Protect yourself from
Phishing

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »

Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

 
 

RIT Information Security Alert: Payroll Services Email Addresses Updated Phish

RIT faculty and staff received an email Friday afternoon purportedly from RIT Payroll Services. The email claimed that recipient email addresses had been updated and asked recipients to click on a link and fill out a form if they had not updated them. A copy of the phish is provided below.

RIT Information Security contacted the company hosting the page with the form. The company removed the form within 15 minutes.

Sample Phishing Email

From: Payroll Services <payroll@rit.edu>
Date: Feb 17, 2017 3:34 PM
Subject: Email addresses updated
To:
Cc: 

This email is... ...

RIT Information Security Advisory: Published Accounts of Hacker Breaching RIT

A Russian-speaking hacker provided a list to an online publication claiming that he had breached 63 different agencies and institutions. RIT was one of the institutions on the list.

The term “breach” is a bit of a misnomer. The attacker found what’s known as a SQL injection vulnerability in one student website hosted on people.rit.edu. A SQL injection vulnerability typically occurs when someone is able to enter unexpected data (such as commands) into a login field, gaining access to portions of the database to which they shouldn’t have access.

What RIT is Doing

RIT is remediating and verifying... ...

RIT Information Security Advisory: Tax Season Scams, Fraud Activity

Each tax season we hear of tax scams. The IRS issues many alerts about various scams and we've provided links to several of them below. As they did last year, cybercriminals are targeting tax professionals (and even payroll departments) to obtain identity information, buying and selling blocks of W2 information on the Dark Web. You can’t prevent the cybercriminals from obtaining your information from 3rd parties. However, you can better protect your information and lessen the possibility of being a victim of tax fraud.

Brian Krebs, a noted security expert and researcher, recommends the following steps:

  • File before the
  • ... ...

RIT Information Security Advisory: Job Scams!

The FBI has released a public service announcement warning college students of common employment scams, These scams often result in financial loss to participating students.

The FBI public service announcement described general employment scams targeting college students. Although we haven’t had any cases reported to us recently, RIT students have fallen victim to various employment scams previously, including ones similar to the example described below. We want to help you identify future scams.

How the Scam Words (from the FBI PSA)

  • Scammers post online job advertisements soliciting college students for administrative positions.
  • The student employee receives counterfeit checks in the
  • ... ...

RIT Information Security Alert: Ransomware on Campus from Academic Program Inquiry

A computer in an RIT department was infected with ransomware from a file attachment purporting to be an example of work from a student. The student name on the email was spoofed. The email had been caught in the RIT spam filter. However, the spoofed sender name looked authentic and the recipient released the email and opened the zipped attachment, triggering the ransomware attack.

Sample Phishing Email

Sender:   name@gmail.com (name changed)

Recipients:   name@.rit.edu <RIT username>

Subject:  Re: RIT Application

[Executable Attachment] Namecodes.zip

Respected Sir,

I have submitted my application for <Specific RIT Program.>

I have attached an... ...