RIT Information Security

Alerts and Advisories

RIT Information Security Alert--RIT E-mail Service Update Phishing Attack

VIrus AlertRIT Information Security Alert--RIT E-mail Service Update Phishing Attack

 

Why am I receiving this message?

RIT email users have received a phishing attack that mimics an RIT official message.

 

If you've received a message with the Subject Line: RIT E-mail Service Update, please delete it. Here's a screenshot of the phish that's currently being received by RIT users:

 

 

 

How do I know this is a phishing attempt?

  • ITS does not send out emails with links to Outlook Webmail. 
  • You'll note that the link included in the email does not link to an RIT address, although it's very similar. (We've removed the link from this example.)
  • The phish uses a common technique of trying to impart a sense of urgency and trying to get you to supply the requested information quickly. (If RIT was making a change of this magnitude, you would have received information through RIT Message Center, among other official channels.
  • For more information about Phishing, please visit the RIT Information Security Phishing page.

RIT Information Security Alert--Verify Your RIT Webmail Phishing Attack

RIT Information Security Alert--Verify Your RIT Webmail Phishing Attack

 

Why am I receiving this message?

RIT email users have received a phishing attack that mimics an RIT official message.

 

If you've received a message asking to click on a link to provide proof of the existence and functionality of your email, please delete it. Here's a screenshot of the phish that's currently being received by RIT users:

 

 

How do I know this is a phishing attempt?

  • ITS does not send out emails requesting login information. 
  • You'll note that the link included in the email does not link to an RIT address. (We've removed the link from this example.)
  • The phish uses a common technique of trying to impart a sense of urgency and trying to get you to supply the requested information quickly.
  • This is a pretty obvious phish. If you had trouble identifying it, please visit the RIT Information Security Phishing page.

RIT Information Security Alert--Your Direct Deposit was Declined Phishing Attack

RIT Information Security Alert--Your Direct Deposit was Declined Phishing Attack

 

Why am I receiving this message?

RIT continues to receive phishing attacks this fall, some disguised as delivery confirmations or declined payment notices.

If you've receive a message asking for your password or login credentials, please delete it. Here's an example of a recent phish we've received, designed to trick you into logging into what you think is a legitimate website where you'll enter login information. Here's the phish that was reported to us today.

We regret to notify you, that your most recent Direct Deposit via ACH payment (#785100159699) was cancelled, due to your business software package being out of date. The detailed information about this matter is available in the secure section of our web site:

Details

Please consult with your financial institution to obtain the necessary updates of the Direct Deposit software.

Best regards,

ACH Network Rules Department

NACHA | The Electronic Payments Association

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

Phone: 703-561-1100 Fax: 703-787-0996

How do I know this is a phishing attempt?

  • If you examine the original email, you'll see a couple of tips that the email is a phishing attempt. In the From: field, you'll see that the nacha.org address is really an ameriton.com address.
  • If you were to hover over the Details link with your mouse, you'd see that the link goes to onedirectionfanclub, not nacha.org. (Onedirectionfanclub is probably a hacked website.)

What is RIT doing to protect me?

  • RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
  • myMail.rit.edu has not been compromised.
  • McAfee VirusScan with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What can I do to protect myself?

Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware,  and report the situation to your Help Desk (SCOB, NTID, ITS).

Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

REMEMBER: RIT will NEVER ask for your password through e-mail.

RIT Information Security Alert--Verizon and Other Phishing Attacks on RIT Users

DSD Logo

RIT Information Security Alert--Verizon and Other Phishing Attacks on RIT Users

 

Why are we posting this message?

RIT has received several rounds of phishing attacks this fall. On average, almost 25 RIT users will respond to a well-crafted phish. 

If you've receive a message asking for your password or login credentials, please delete it. Here's an example of some recent phishes we've received, designed to trick you into logging into what you think are legitimate websites where you'll enter login information.

  • From AccountNotify@verizonwireless.com, with the subject line: "Your Bill is Now Available." Addressed to your email account.



    The e-mail embeds Verizon graphics and appears like an authentic notification. However, the links in the graphic do not go to Verizon. (Screenshot below.) 

Verizon Phish

  • From UPS Shipments, with "Your package has arrived" in the subject line 

From: UPS Shipments [mailto:tracking@ups.com]

Sent: Tuesday, August 30, 2011 9:34 AM

To: Your Name

Subject: Your package has arrived!

Dear client

Your package has arrived.

The tracking # is : 07D8B1F11FD9C351 and can be used at :

http://www.ups.com/tracking/tracking.html

The shipping invoice can be downloaded from :

Link Removed



Thank you,

United Parcel Service

*** This is an automatically generated email, please do not reply ***

What is RIT doing to protect me?

  • RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
  • myMail.rit.edu has not been compromised.
  • McAfee VirusScan with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What can I do to protect myself?

Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware,  and report the situation to your Help Desk (SCOB, NTID, ITS).

Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

REMEMBER: RIT will NEVER ask for your password through e-mail.

Important-Please Update your RIT.EDU details Phishing Attack on RIT Community

Important-Please Update your RIT.EDU details Phishing Attack on RIT Community

  EMERGENCY TEST

Why am I receiving this message?

RIT users are being targeted by a phishing email with the subject line "Important! Please Update Your RIT.EDU Details!" Clicking the link takes you to a spreadsheet in Google Docs. If you look at the email closely, you'll see a number of indicators that it's a phishing attempt. Several members of the RIT community have reported similar phishing attempts to us today.

Note that we also saw a phishing attempt with the Subject line "Dear Student" purportedly from the Computer Science Department last week.

 

Delete these messages.

Here's the text of the email:

From: Susan Linville <susan.linville@stokes.k12.nc.us>
Date: Monday, July 30, 2012 10:51 AM
Subject: Important! Please Update Your RIT.EDU Details!

IMPORTANT!

Please open the below site to update your contact Details:

Rochester Institute of Technology Update

Powered by Admin in collaboration with Google.

Email Disclaimer:  Please be advised that the contents of this message and any reply may be subject to disclosure under North Carolina law.  This communication is for use by the intended recipient and contains information that may be privileged, confidential, or copyrighted under applicable law.  If you are not the intended recipient, you are hereby formally notified that any use, copying, or distribution of this communication, in whole or in part, is strictly prohibited.  Please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy.  This communication does not constitute consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties.

What is RIT doing to protect me?

  • RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.

  • myMail.rit.edu has not been compromised.

  • McAfee VirusScan with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).

  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What can I do to protect myself?

Delete the e-mail. If you clicked on the CLICK HERE link, change your password NOW, scan your systems for viruses and spyware,  and report the situation to your Help Desk (COB, NTID, ITS).

General protection against phishing scams 

Safe practices

  • NEVER RESPOND TO A REQUEST FOR YOUR PASSWORD sent by e-mail, even if the request appears legitimate. RIT will NEVER ask for your password through e-mail.

  • Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.

  • Do not open attachments in unexpected or suspicious e-mails or instant messages.

  • Do not click anywhere on the e-mail—even in what may appear to be white space.

  • Delete the e-mail or instant message.

  • If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish. The real link may also be masked. Move your mouse over the link and it may show a different address than the one displayed in the e-mail.

  • Be selective in what sites you provide with your RIT e-mail address.

Technical solutions

  • Use a limited or non-administrator account when opening e-mail and browsing the Internet. A limited account will help protect you against many malware attacks. Finance and Administration (and some RIT colleges) already protect their users by giving them limited accounts. (A demo on setting up a limited account in Windows XP is available at /security/simulations/102a/102A1.html. Macintosh security instructions are at http://www.rit.edu/its/services/desktop_support/mac/xsecurityaudit.html.) Windows 7 provides built-in equivalent protection. 

  • Add an anti-phishing toolbar to Internet Explorer or Firefox. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users. All users were required to have anti-phishing software after August 1, 2009.

For more information

General scam and phishing information: