Welcome to
Information Security

The Information Security Office at RIT is here to help! We offer resources and assistance to keep the campus community safe and secure from Internet and various other online threats.

Protect yourself from
Phishing

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »

Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

 
 

RIT Information Security Alert: Ransomware on Campus from Academic Program Inquiry

A computer in an RIT department was infected with ransomware from a file attachment purporting to be an example of work from a student. The student name on the email was spoofed. The email had been caught in the RIT spam filter. However, the spoofed sender name looked authentic and the recipient released the email and opened the zipped attachment, triggering the ransomware attack.

Sample Phishing Email

Sender:   name@gmail.com (name changed)

Recipients:   name@.rit.edu <RIT username>

Subject:  Re: RIT Application

[Executable Attachment] Namecodes.zip

Respected Sir,

I have submitted my application for <Specific RIT Program.>

I have attached an... ...

RIT Information Security Alert: Phishing Attempts with Executable Attachments

RIT people are receiving email with attachments that appear to be purchase orders. We’ve provided an example below. Note that the sender, subject line, and attachment name may all vary.

Sample Phishing email

Attachment: Order No. 1710010.gz [attachment name may vary]

From: Tracey Adams <order at batsam.de>
Date: Thu 1/5/2017 5:27 AM
Subject: [Executable Attachment]Order No. 1710010
To:

Good Morning,

Happy New Year !!! 

Find attached our new purchase order 1710010 

Your confirmation order is required in the next 48 hours Indicating 
possible differences in dates, prices, 
quantities,... ...

RIT Information Security Alert: Phishing Attempts Involving Personal Websites at people.rit.edu

We’re receiving reports of attempts to use personal websites on people.rit.edu to collect user and password information through phishing emails. (People.rit.edu provides a way for the RIT community to create and publish personal websites with the address people.rit.edu/username>.) The emails appear to be from student accounts and contain a PDF file that links to a Google Form posted on various people.rit.edu websites. The Google Form requests username and password information.

Sample Phishing email

---------- Forwarded message ----------
Attachment: New_Blank_Document.pdf [attachment name may vary]

From: [Account Name] <accountname@rit.edu>
Date: Tue, Dec 13, 2016 at 12:39 PM
... ...

RIT Information Security Alert: Urgent-Important Campus Alert! Email

RIT users have received a phishing attempt masquerading as an alert that there's a police situation on campus. The alert is false. Had there been an actual alert, you would have been notified through the RIT Alert emergency notification system. Visit http://emergency.rit.edu/ for more information.

Here's the fake alert:

  From: Bamidele Adekunle <badekunl@uoguelph.cs>  Data: Wednesday, December 7, 2016 at 10:38 AM  Subject: Re: Urgent-Important Campus Alert! (Rit.Edu)    Re: Urgent-Important Campus Alert! (Rit.Edu)  Hello, ... ...

RIT Information Security Advisory - New Ransomware Attack Vectors

Ransomware is malicious software that encrypts a victim's hard drive and then demands that a ransom be paid in order to decrypt the contents. The frequency of ransomeware attacks across higher education continues to increase. The attackers may not come in a way you expect! We're seeing new attack vectors and want you to be aware of them. You may already be careful about opening attachments in email from you computer. Are you as careful when opening attachments or clicking on links on your smartphone or tablet?

Smartphones and other Mobile Devices - 2016 has seen many attacks targeted at Android and... ...