A little over a week ago, RIT users were targeted in a phishing attack that masqueraded as important messages. The links provided in the email messages resembled our myinfo page.
Here is one of the variants. Look at where the link actually points: although it ends in myinfo.rit.edu, that text is only the file name at the end of the path. The hostname, the part between http:// and the first slash, is a .com.br domain, a location in Brazil. Clicking the link would take you to a site that mimics myinfo.rit.edu, not to the RIT site.
From: INTERNAL ACCOUNT NAME [mailto:firstname.lastname@example.org]
Sent: Wednesday, October 19, 2016 3:56 PM
Subject: Important message from RIT Faculty/Staff
You have new important message from Faculty/Staff.
Click here to read <LINK is to http://EVILSITE.com.br/includes/myinfo.rit.edu.html>
Information Technology Services(ITS)
Rochester Institute of Technology
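The point of the sample above is that a browser connects to the hostname, not to whatever appears later in the link. The following helper, added to this post as an illustration and not ITS's or RIT's own code, parses a link the way a browser does and reports whether the trusted name is really the host or is only being used as decoration. The trusted-domain list (rit.edu) and every sample link are constructed for the example; EVILSITE.com.br is the placeholder used in the post, and the links are assumed to be written as full URLs with a scheme.

```python
"""Classify links by the host a browser would actually connect to.

Hypothetical helper written for this post (not RIT's or ITS's code).
TRUSTED_DOMAINS and the sample links are assumptions constructed for
illustration.
"""
from urllib.parse import urlsplit

# Assumed: the institution's own registrable domain(s).
TRUSTED_DOMAINS = ("rit.edu",)


def _with_scheme(url: str) -> str:
    """Tolerate links written without http:// so they still parse."""
    return url if "://" in url else "http://" + url


def effective_host(url: str) -> str:
    """Return the hostname a browser connects to.

    The host is the part between the scheme and the first '/', after any
    user@ prefix and before any :port. Everything after the first '/' is a
    path chosen freely by whoever owns the host.
    """
    host = urlsplit(_with_scheme(url)).hostname or ""
    return host.lower().rstrip(".")


def is_trusted_host(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only if host IS a trusted domain or a real subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return one of: trusted, lookalike host, brand in userinfo,
    brand in path, untrusted."""
    parts = urlsplit(_with_scheme(url))
    host = effective_host(url)
    if is_trusted_host(host, trusted):
        return "trusted"
    userinfo = (parts.username or "").lower()
    path_and_query = (parts.path + "?" + parts.query).lower()
    for d in trusted:
        if d in host:
            # e.g. myinfo.rit.edu.EVILSITE.com.br or myinfo-rit.edu:
            # the trusted name is inside the host but is not its suffix.
            return "lookalike host"
        if d in userinfo:
            # e.g. http://myinfo.rit.edu@EVILSITE.com.br/ : the text
            # before '@' is a username, the host is what follows it.
            return "brand in userinfo"
        if d in path_and_query:
            # The post's sample: the trusted name is only a file name.
            return "brand in path"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links; the first is the one quoted in the post.
    for link in (
        "http://EVILSITE.com.br/includes/myinfo.rit.edu.html",
        "https://myinfo.rit.edu/",
        "https://myinfo.rit.edu.EVILSITE.com.br/login",
        "http://myinfo.rit.edu@EVILSITE.com.br/",
        "https://myinfo-rit.edu/",
    ):
        print(f"{classify_link(link):18} host={effective_host(link):32} {link}")
```

The only test that matters is the suffix check in is_trusted_host: the host must equal rit.edu or end in ".rit.edu". A plain substring match would accept every one of the lookalike forms above.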
How do I know this is a phishing attempt?
- The days of spotting a phishing attempt at a glance are over. The sender address and the logo may look authentic. Pay attention to what the email is asking you to do, and be wary of unexpected attachments.
- RIT does not send emails asking for your password, asking you to validate your webmail, or asking you to manage quarantined mail by clicking on a link.
- Phishing emails commonly try to create a sense of urgency so that you supply the requested information before thinking it over.
- In this case the sender address looks legitimate; phishing attacks can arrive from spoofed addresses or from compromised RIT email accounts. (The ITS account was not compromised.)
- For more information about Phishing, please visit the RIT Information Security Phishing page.
Quick Infosec Tip: Many of us use smartphones or tablets to check our RIT email. Although we can't hover a cursor over a link to see where it goes, we can press and hold the link until a pop-up shows the full destination address. Check the hostname in that pop-up before tapping through; be extremely cautious about clicking links on a mobile device.