Alerts and Advisories

RIT Information Security Alert: Phishing Attacks Targeting RIT


1. RIT community members are receiving requests to provide University Identification Numbers (UIDs). The attackers are posing as RIT community members who have forgotten their UIDs. The messages are being sent from external email addresses that mimic RIT email addresses (for example, STUDENTADDRESS@gmail.com instead of STUDENTADDRESS@rit.edu). Here’s an example of an attack message received:

2. RIT community members are receiving messages purportedly from RIT that provide a link to "Subscribe now" to the Tiger's Tale Newsletter. The link provided in the email goes to a website hosted on Yolasite, which has a reputation for hosting scam sites.

Here’s an example of an attack message received. Note that although the From field says Rochester Institute of Technology, the associated email is not an RIT email. If you were to move your cursor over the Subscribe now link, you would see that the link goes to a non-RIT website:

What RIT is doing to protect you:

  • The ITS Service Desk will require proof of identity before resetting passwords over the phone. RIT community members are encouraged to use the automated password reset feature on start.rit.edu when resetting passwords.
  • RIT is working to identify and block the emails from reaching their intended recipients.
  • myMail.rit.edu has not been compromised.
  • Antivirus software with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (McAfee Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/.)
  • MySpam MAY block many of these phishing e-mails. However, this is a highly targeted attack and spam filters may be less effective.

What you can do to protect yourself:

  • Protecting yourself from phishing attacks depends on your vigilance.
  • If someone asks you for confidential information such as a University Identification Number (UID), DO NOT provide the information.
  • If you receive an email requesting you to furnish a “forgotten” UID or other confidential information, send a copy of the email to phish@rit.edu.
  • Check the sender's email address and hover your cursor over the link in the email to find out where the link really goes. For example, here's the link to the real Tiger's Tale Newsletter. Hover your cursor over the link to determine where it really goes.
  • NEVER RESPOND TO A REQUEST FOR YOUR PASSWORD sent by e-mail, even if the request appears legitimate. RIT will NEVER ask for your password through e-mail.
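
The sender and link checks in the list above can also be applied mechanically on the mail-filtering side. The following is an added example, not RIT's tooling: both messages, the `abc1234` mailbox name and the `.example` hosts are constructed, and the check assumes a single-part, unencoded body.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "rit.edu"  # the domain the alert treats as legitimate
# Constructed samples modelled on the two messages the alert describes.
NEWSLETTER = """\
From: Rochester Institute of Technology <newsletter@mailer.example>
To: abc1234@rit.edu
Subject: Tiger's Tale Newsletter
Content-Type: text/html; charset="utf-8"

<p><a href="http://tigers-tale.hosting.example/">Subscribe now</a></p>
<p><a href="https://www.rit.edu/security">RIT Information Security</a></p>
"""
UID_REQUEST = """\
From: abc1234@gmail.com
Subject: forgot my UID
Content-Type: text/plain

Can you look up my UID for me?
"""

def in_domain(host, domain=TRUSTED):
    """True for the domain or a real subdomain, not for 'rit.edu.example'."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw, known_users=()):
    """Return (finding, detail) pairs. Assumes a single-part, unencoded body."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if not in_domain(domain):
        if "rochester institute of technology" in name.lower():
            findings.append(("display-name-mismatch", domain))
        if local in known_users:  # same mailbox name, external provider
            findings.append(("lookalike-sender", addr.lower()))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        host = urlsplit(href).hostname
        if host and not in_domain(host):  # what hovering would reveal
            findings.append(("external-link", f"{text!r} -> {host}"))
    return findings

print(check_message(NEWSLETTER), check_message(UID_REQUEST, {"abc1234"}))
```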

REMEMBER: RIT will NEVER ask for your password through e-mail.

RIT Information Security Alert: Your Password Will Expire Soon Phishing Attacks


If you've received a message with the Subject Line: Your password will expire soon or a similar email, please delete it. The message itself reads: Click here to proceed with your Email update.  

How do you know this is a phishing attempt?

  • ITS does not send out emails with links to update your password.
  • You'll note that the link included in the email does not link to an RIT address; it's on "altervista". (We've removed the link from this example.)
  • The phish uses a common technique of trying to impart a sense of urgency and trying to get you to supply the requested information quickly. 
  • For more information about Phishing, please visit the RIT Information Security Phishing page.

What RIT is doing

RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.

  • myMail.rit.edu has not been compromised.
  • McAfee VirusScan (McAfee HIPS) with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What you can do

  • Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware and report the situation to your Help Desk (SCOB, NTID, ITS).
  • Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

REMEMBER: RIT will NEVER ask for your password through e-mail.

Information Security Alert: Change your RIT Password and Heartbleed Follow Up


Why am I receiving this message?

We wanted to provide an update on the Heartbleed situation and remind you to change your RIT passwords. The Heartbleed bug has been widely reported and will require action on your part.

  • Heartbleed bug background—there is a flaw in versions of OpenSSL that allows access to information that would normally be protected through secure connections. The Heartbleed bug allows anyone on the Internet to see what's in the memory of systems protected by OpenSSL, leaving no evidence that they’ve done so. Approximately 2/3 of all websites are affected. Researchers reported the bug on April 7, but the vulnerability has existed since 2011. Note that this is not a breach of a password database. Website owners and vendors worldwide are in the process of updating/patching the servers hosting these websites.
  • Current Heartbleed status-there are a lot of varying recommendations on what computer users should do in response to the Heartbleed bug and which websites were affected, and you may find it confusing. You have been affected. Many of you have been contacted by the owners of various websites and services and have been asked to update your passwords. Popular websites such as Dropbox, Yahoo, Twitter, and others were affected and many of them are requesting password changes.
  • Android—there are reports circulating that older Android devices (4.1.1) may be vulnerable to the Heartbleed bug. Google has stated that less than 10% of devices run on vulnerable versions.

What You Need To Do

  • For RIT passwords, please change your passwords. Given the scale of this vulnerability, there is concern that passwords may be at risk.
  • For personal passwords, we recommend that you change your passwords. Priority should be given to sites accessing private information, financial accounts and email. Note that if the website is still vulnerable, you may need to change your password again after the site is patched.
  • Stop using the same password for multiple sites! Create a new unique password for each site. Yes, this is painful.
  • Be alert for phishing attempts leveraging the publicity around the OpenSSL bug.
  • Be patient. It may take several weeks (at least) for companies to fix the Heartbleed bug and there may be disruption to Internet services.

What RIT is Doing

  • RIT has successfully secured the vast majority of our computing infrastructure with patches and other mitigations. Some lower profile services have been taken offline until patches are released and mitigations applied. This is a necessary step to protect RIT.
  • RIT continues to work with vendors to implement patches and other mitigations.
  • The RIT Information Security Office continues to conduct vulnerability scanning of the RIT network until all vulnerabilities have been addressed.
  • RIT is quarantining the small number of systems currently affected until they are remediated.
  • Many thanks to the RIT information technology community that has been working around the clock to patch and protect RIT!

Information Security Alert: Heartbleed bug may have exposed your passwords


Why am I receiving this message?

As you may have heard in the news, a major worldwide vulnerability has been discovered that may affect 2/3 of the websites on the internet.

  • Heartbleed bug—there is a flaw in versions of OpenSSL that allows access to information that would normally be protected through secure connections. The Heartbleed bug allows anyone on the Internet to see what's in the memory of systems protected by OpenSSL, leaving no evidence that they’ve done so. Approximately 2/3 of all websites are affected. Researchers reported the bug on April 7, but the vulnerability has existed since 2011. Note that this is not a breach of a password database. Website owners and vendors worldwide are in the process of updating/patching the servers hosting these websites.

 What RIT is Doing

  • RIT has successfully secured the vast majority of our computing infrastructure with patches and other mitigations. Some lower profile services have been taken offline until patches are released and mitigations applied. This is a necessary step to protect RIT.
  • RIT continues to work with vendors to implement patches and other mitigations.
  • The RIT Information Security Office continues to conduct vulnerability scanning of the RIT network until all vulnerabilities have been addressed.

What You Need To Do

  • For RIT passwords, please change your passwords. Given the scale of this vulnerability, there is concern that passwords may be at risk.
  • For personal passwords, we recommend that you change your passwords. Priority should be given to sites accessing private information, financial accounts and email. Note that if the website is still vulnerable, you may need to change your password again after the site is patched.
  • Stop using the same password for multiple sites! Create a new unique password for each site. Yes, this is painful.
  • Be alert for phishing attempts leveraging the publicity around the OpenSSL bug.

Thank You

  • Many thanks to the RIT information technology community that has been working around the clock to patch and protect RIT!

RIT Information Security Alert: Phishing attacks targeting RIT!


Why am I receiving this message?

A number of RIT computer users are clicking on links and supplying passwords in response to messages that may appear to be official RIT communications. There are several phishing attempts circulating around RIT. Here are a couple of them with hints on how to recognize that they're phishing attempts.

Phish #1

Phish #2

If you've received a message similar to these or that in any way looks suspicious, please delete it.

How do I know this is a phishing attempt?

  • RIT will NEVER ask for your password through e-mail.
  • You'll note that the links included in the emails do not link to an RIT address, although it's very similar.
  • The phish uses a common technique of trying to impart a sense of urgency to get you to supply the requested information quickly.
  • For more information about phishing, please visit the RIT Information Security Phishing page.

What is RIT doing to protect me?

  • RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
  • myMail.rit.edu has not been compromised.
  • McAfee VirusScan and other antivirus programs (with up-to-date virus definitions) will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What can I do to protect myself?

  • Think before you click. Don't be rushed.
  • Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware, and report the situation to your Help Desk (SCOB, NTID, ITS).
  • Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

RIT Information Security Alert -- Ransomware Attack


Why am I receiving this message?

RIT computers have been attacked with CryptoLocker ransomware. Ransomware is malware that encrypts contents of your computer and then demands a payment in order to receive the decryption key and retrieve the data. Ransomware has been around for a couple of years now, but there's been a spike in activity over the last week, and yesterday, a couple of RIT computers were infected.

How do I protect myself against a ransomware attack?

  • Make sure your antivirus is running and is up to date. Many antivirus programs detect the malware.
  • Ransomware can infect a computer by a user clicking on a malicious link or through a trojan masquerading as another program. Do not click on links in email without being sure the link goes where you think it does. Hover your cursor over the link to reveal where the link goes.
  • The malicious link may be in any of the spam emails we've been receiving at RIT. Don't click on the links!
  • Back up your data! If you have a backup, you'll probably be able to restore the "kidnapped" data.
  • Report suspicious emails to spam@rit.edu and/or to infosec@rit.edu.

RIT Information Security Alert--Phishing Season is Still Open!


Why Am I Receiving This?

RIT continues to receive a number of phishing attacks. One current phishing attack is disguised as an email from the Helpdesk and references a pending upgrade. This one is pretty generic, although the attacker has apparently harvested RIT email addresses:

How do I know these are phishing attempts?

  • We didn't include the addressees in the screenshot above, but the Welcome to RIT message header listed dozens of names in the To: field.
  • The message has a Password Alert appended to the beginning of the mailnote. RIT's email systems append the Password Alert to most emails that arrive at RIT with the word "password" in the body of the message. That means: be careful!
  • The email salutation is Attn: Subscriber, not a specific name.
  • The email asks for Username and Password. RIT will NEVER ask for your password.

What can I do to protect myself?

Delete the suspicious e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware, and report the situation to your Help Desk (SCOB, NTID, ITS, Resnet). Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

REMEMBER: RIT will NEVER ask for your password through e-mail.

RIT Information Security Advisory - Windows Tech Support Scam


The Windows Tech Support phone scam is sweeping the country and you may have already received a call from the scammers.

Why I’m Receiving This

The Windows phone support scam is ensnaring many victims:

Phone call from Microsoft—Many people have received calls from people purporting to either work directly for Microsoft or be contracted by Microsoft, who claim that Microsoft is aware of problems with your computer or has seen spam coming from your computer. They ask you to turn on your computer and navigate to and log in to a webpage. (After you log in, the scammer has access to your computer and you've installed malware.) You'll be asked for credit card information, and they will charge you to remove the alleged malware they found (and installed).

RIT Information Security Advisory - Scam Watch!


We've seen a lot of spam over the last few weeks offering everything from cash loans to faculty and staff, various jobs for students, mortgage refinancing, etc. Every year, a few members of the RIT community fall for various scams. You may recognize some of the scams below.

 

Why I’m Receiving This

We're seeing the following scams:

  • Faculty & Staff: Apply online for a Cash Advance Loan—RIT faculty and staff are currently receiving offers of cash advance loans. Some of these may be "legitimate" loans, but they're often high interest and secured by your car or other property. They may also be examples of Advance Fee Fraud, where you send a fee in advance and provide your bank account information. Does anyone see any danger in that?
  • Mystery Shopper—many of us have received info about Mystery Shopper jobs paying $250 or so per job. Sounds great, doesn't it? Almost all of these jobs are bogus and involve providing bank account information and payment through counterfeit checks.
  • Home Financing—There are a number of different home financing schemes, ranging from foreclosure relief to sub-prime refinancing rates. The FBI link below provides more information. 

 

In addition to the current scams listed above, RIT students have fallen victim to the following in the last couple of years:

  • Deaf Lottery—an RIT student was contacted by a Facebook Friend who informed him he had won a deaf lottery. The student was then contacted by an "administrator" through instant messaging. During the course of the scam, the student provided his bank account information and lost hundreds of dollars.
  • Fake apartment listing—a couple of RIT students were moving to the west coast for co-op jobs. They found a listing for an apartment and sent a hefty deposit. When they arrived on the west coast, there was no apartment.
  • Personal ads—an RIT student reported that he responded to a Craigslist Personal Ad that he found “enticing.” He exchanged pictures with the person in the ad who requested that he sign up for an account on saferaffair.com under the pretense that he wasn’t some “crazy stalker.” The website requested personal information and a credit card number “to verify his identity.” When he looked up the person’s email address he found that there were hundreds of complaints that the address belonged to a scammer.
  • Freelance photographer request—an RIT student received a letter from a firm seeking to employ the student to shoot an upcoming out-of-town event. They offered the student $500/hour for his time and mailed the student a check for $2900 with instructions to cash the check, retain a portion of the funds, and forward the remaining share to the “store manager.” This is a common scam where someone sends a counterfeit check and asks for a portion of the check to be wired to someone else.
  • Financial emergency overseas—several RIT people received an urgent note from a known RIT student regarding a robbery he had suffered overseas. The note requested the recipient to wire funds ASAP so that the individual could buy a plane ticket home. The RIT student’s Facebook account was compromised and used to send this message to his Facebook friends.
  • Craigslist—There are MANY scams circulating on Craigslist. Several RIT people listed items for sale and were contacted by "buyers" who sent the sellers cashier's checks and asked them to refund the difference. Although the checks appeared legitimate, they were counterfeit. There are also reports about scams connected to room reservations, etc.

 

What RIT is Doing

  • RIT Information Security and Public Safety work to detect these threats and report them to the RIT community as they occur.
  • RIT provides anti-virus software to RIT faculty, staff, and students. Anti-virus software will provide some protection against malicious software.
  • The RIT Information Security Office provides information on Safe Social Networking and other safe practices at http://www.rit.edu/security.

 

What You can Do

  • If you are the recipient or victim of an online scam, contact RIT Public Safety at (585) 475-2853.
  • If you believe your password may have been compromised, contact the appropriate help desk immediately. Students should contact the ITS HelpDesk at (585) 475-4357 (phone), (585) 475-2810 (TTY).
  • If you suspect the presence of malicious content on an RIT web site, contact the Information Security Office at infosec@rit.edu.
  • If you've received what you believe to be a scam email, send the email to spam@rit.edu and forward us a copy at infosec@rit.edu.

 

For More Information

RIT INFORMATION SECURITY ALERT -- "Your e-mail will expire soon" Phishing Email


RIT email users have received another phishing attack that mimics an RIT official message. PLEASE DON'T CLICK ON THE LINK AND PROVIDE YOUR INFO! You'll receive many of these phishing attempts through the academic year. We won't be able to warn you about all of them.

What does it look like?

Here's a screenshot of the email.  

How can I keep myself safe?

If you've received a message with the Subject Line: "Your e-mail will expire soon," please delete it. 

For more information about Phishing, please visit the RIT Information Security Phishing page.
