Welcome to
Information Security

The Information Security Office provides leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s  information resources.

Learn more »

Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

Learn more
InfoSec About Us Lock + Cable
Sentinel - Standards and Policies
Learn about

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »


RIT Information Security Alert: Phishing Attempts with Executable Attachments

RIT people are receiving email with attachments that appear to be purchase orders. We’ve provided an example below. Note that the sender, subject line, and attachment name may all vary.

Sample Phishing email

Attachment: Order No. 1710010.gz [attachment name may vary]

From: Tracey Adams <order at batsam.de>
Date: Thu 1/5/2017 5:27 AM
Subject: [Executable Attachment]Order No. 1710010

Good Morning,

Happy New Year !!! 

Find attached our new purchase order 1710010 

Your confirmation order is required in the next 48 hours Indicating 
possible differences in dates, prices, 
quantities,... ...

RIT Information Security Alert: Phishing Attempts Involving Personal Websites at people.rit.edu

We’re receiving reports of attempts to use personal websites on people.rit.edu to collect user and password information through phishing emails. (People.rit.edu provides a way for the RIT community to create and publish personal websites with the address people.rit.edu/username>.) The emails appear to be from student accounts and contain a PDF file that links to a Google Form posted on various people.rit.edu websites. The Google Form requests username and password information.

Sample Phishing email

---------- Forwarded message ----------
Attachment: New_Blank_Document.pdf [attachment name may vary]

From: [Account Name] <accountname@rit.edu>
Date: Tue, Dec 13, 2016 at 12:39 PM
... ...

RIT Information Security Alert: Urgent-Important Campus Alert! Email

RIT users have received a phishing attempt masquerading as an alert that there's a police situation on campus. The alert is false. Had there been an actual alert, you would have been notified through the RIT Alert emergency notification system. Visit http://emergency.rit.edu/ for more information.

Here's the fake alert:

  From: Bamidele Adekunle <badekunl@uoguelph.cs>  Data: Wednesday, December 7, 2016 at 10:38 AM  Subject: Re: Urgent-Important Campus Alert! (Rit.Edu)    Re: Urgent-Important Campus Alert! (Rit.Edu)  Hello, ... ...

RIT Information Security Advisory - New Ransomware Attack Vectors

Ransomware is malicious software that encrypts a victim's hard drive and then demands that a ransom be paid in order to decrypt the contents. The frequency of ransomeware attacks across higher education continues to increase. The attackers may not come in a way you expect! We're seeing new attack vectors and want you to be aware of them. You may already be careful about opening attachments in email from you computer. Are you as careful when opening attachments or clicking on links on your smartphone or tablet?

Smartphones and other Mobile Devices - 2016 has seen many attacks targeted at Android and... ...

The Danger of Phishing Emails and How to Detect Them

Phishing is designed to lure you into clicking on a malicious link or giving up personal information. The creator of these types of emails can disguise the address of the sender to make it look like the email is coming from a reliable source, use information from your social media accounts to make it more personalized, and choose a subject line for the email based on current events, or something that applies specifically to you. The goal for the attacker is to make these emails look as convincing as possible so the reader will click on any attached links without... ...