RIT Information Security Alert: Important Message from Faculty/Staff Phishing Email

RIT users are again being targeted in a phishing attack that masquerades as important messages to employees. The links provided in the email messages resemble our myinfo page.

One of the variants is shown below. Note that although the link ends in myinfo.rit.edu, the first part of the link points to a compromised WordPress site. Clicking that link would take you to a website that mimics myinfo.rit.edu, not to the RIT site.

------------------------------------------------------------------------------------------------------------------------------------

From: Rochester Institute of Technology [mailto:noreply@rit.edu]

Sent: Tue 3/28/2017 1:15 PM

Subject: Important message from RIT Faculty/Staff

Dear Employee:
You have new important message from Faculty/Staff.
Click here to read <LINK is to a compromised page on a WordPress site and includes myinfo.rit.edu.html>

Thank You
Information Technology Services(ITS)
Rochester Institute of Technology

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Please consider the environment before printing this e-mail.
------------------------------------------------------------------------------------------------------------------------------------
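For anyone triaging a reported message like the one above, the check is to look at the host a link actually connects to, not at where the familiar name appears in it. The following is an added example, not part of the original alert; the sample body and the host `compromised-blog.example` are constructed placeholders, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_HOST = "myinfo.rit.edu"  # the site the message claims to link to

def real_host(url):
    """Host the browser would actually connect to, lower-cased."""
    url = url.strip()
    if "://" not in url:          # bare "host/path" form: let urlsplit see a netloc
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def check_link(url, expected=EXPECTED_HOST):
    """'expected' if the host matches, 'lookalike' if the expected name
    only appears elsewhere in the URL, otherwise 'unrelated'."""
    host = real_host(url)
    if host == expected:
        return "expected"
    if expected in url.lower():
        return "lookalike"
    return "unrelated"

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(html_body):
    """Return (href, real host, verdict) for each link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [(h, real_host(h), check_link(h)) for h in collector.hrefs]

# Constructed sample modelled on the message above; the host is a placeholder.
SAMPLE_BODY = """
<p>Dear Employee:<br>You have new important message from Faculty/Staff.</p>
<p><a href="http://compromised-blog.example/wp-content/myinfo.rit.edu.html">Click here to read</a></p>
<p><a href="https://myinfo.rit.edu/">myinfo</a></p>
"""

if __name__ == "__main__":
    for href, host, verdict in triage(SAMPLE_BODY):
        print(f"{verdict:10} host={host:28} {href}")
```

A "lookalike" verdict means the expected name is present in the link but the host is something else, which is the pattern in this phishing message.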

How do I know this is a phishing attempt?

  • The days of looking at an email and knowing immediately that it's a phishing attempt are over. The sender address and the logo may look authentic. Pay attention to what the email is asking you to do and to whether it has an unexpected attachment.
  • RIT does not send out emails requesting your password or asking you to validate your webmail or assist with quarantine by clicking on a link, etc.
  • Phishing emails commonly try to impart a sense of urgency to get you to supply the requested information quickly.
  • You'll note that the sender address looks legitimate, and you may receive phishing attacks from spoofed or compromised RIT email accounts. (The ITS account was not compromised.)

What is RIT doing to protect me?

  • RIT blocks most phishing/malware attacks from reaching RIT e-mail accounts.
  • myMail.rit.edu has not been compromised.
  • McAfee VirusScan (McAfee HIPS) with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Ironport, and that allows a few to slip through.

What can I do to protect myself?

RID RIT of the phishing attempt

  • REPORT the phishing attempt to spam@rit.edu and infosec@rit.edu
  • INSPECT your computer if you clicked on the link by running a virus scan. (Change your password if you provided it.)
  • DELETE the phishing attempt

 

For More Information

For more information about detecting Phishing, please visit the RIT Information Security Phishing page.

 

REMEMBER: RIT will NEVER ask for your password through e-mail.

Quick Infosec Tip: Many of us use smartphones or tablets to check our RIT email. Although we can’t hover our cursor over a link to see where the link goes, we can press on the link until we see the pop-up providing that information. We must be extremely cautious in clicking on links from our mobile devices.