Welcome to
Information Security

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »

,
Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

,
Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

InfoSec About Us Lock + Cable
Sentinel - Standards and Policies
Protect yourself from
Phishing
 
 

RIT Information Security Alert--Memo from HR Department Phishing Attempt

Here’s the phishing email:

-------------------------------------------------------------------------------

From: John Daniel <offsiteaddress>

Subject: Memo from HR Department
To: <RIT ADDRESSEE>

Greetings,

 

You have a message from the Human Resources Department.

 

Click here to view your message <Link goes to spoofed Outlook Web Access page>

 

Copyright © 2017. All rights reserved.

------------------------------------------------------------

How do I know this is a phishing attempt?

  • The days of looking at an email and knowing immediately that it's a phishing attempt
  • ... ...

RIT Information Security Advisory: Stealthy Word-wire Cyberattack

Cybersecurity firms are warning of an additional attack that targets the same vulnerabilities targeted by the WannaCry ransomware. Unlike WannaCry, this is not a ransomware attack. Instead the attackers take control of your computer and use it to mine virtual currency (cryptocurrency).

The issue for you is that even though the attackers haven’t yet encrypted your files and demanded a ransom, they’re still able to do that at any time, and they also have access to all files stored on your computer. You MAY notice a slowdown in how fast your computer runs or be unable to access specific resources.... ...

RIT Information Security Alert:: Preparing for WannaCry and Other Ransomware Attacks

We’ve seen many reports about the WannaCry ransomware attack that has been hitting computers worldwide. Although a researcher was fortunate enough to accidentally stop the initial wave of attacks, recent reports indicate that the attackers will be launching a new round of attacks. Researchers suspect that initial infections may have occurred through phishing attacks. The WannaCry ransomware itself is promulgating as a worm through networks worldwide. Worms prey on vulnerabilities in unpatched computers. NO USER INTERACTION needs to occur to be infected.

Ransomware is malicious software that encrypts a victim’s hard drive and then demands that a ransom be paid... ...

RIT Information Security Advisory: Rapid Worldwide Increase in Ransomware Attacks

The BBC and other news outlets are reporting a rapid increase in the number of ransomware attacks worldwide. According to the article, computers have been locked up in thousands of locations worldwide. The increase in attacks may be linked to a group known as The Shadow Brokers, which is the group that claims to have released NSA hacking tools. Although it's unclear at this time, researchers believe the attack is spreading through a worm. Worms prey on vulnerabilities in unpatched computers.

Ransomware is malicious software that encrypts a victim’s hard drive and then demands that a ransom be paid in... ...

Information Security Advisory: Attack through Google Docs Request (Now Mitigated)

Attack through Google Docs (Now Mitigated)

Early today, RIT users were targeted in a phishing attack that masquerades as a document request on Google Docs. The link provided in the email messages are to the legitimate Google login system. Google has now blocked this particular attack from occurring.

Here's one of the variants below. You'll note that it very closely resembles the read Google docs notification email.

How do I know this is a phishing attempt?

  • The days of
  • ... ...