RIT INFORMATION SECURITY ALERT -- Multiple Phishing Attacks
Why am I receiving this message?
RIT email users have received yet another round of phishing attacks that mimic RIT official messages.
If you've received a message asking to confirm your password, please delete it. Here's a screenshot of a phish that's currently being received by RIT users:
(click to view larger version)
Here's a second phish we've had reported to us this week:
How do I know these are phishing attempts?
- ITS does not send out emails requesting login information.
- You'll note that the links included in the emails do not link to an RIT address. (We've removed the links from these examples.)
- The phishes use a common technique of trying to impart a sense of urgency and trying to get you to supply the requested information quickly.
- These are common phishing attempts. If you had trouble identifying them, please visit the RIT Information Security Phishing page.
What is RIT doing to protect me?
- RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
- myMail.rit.edu has not been compromised.
- McAfee VirusScan with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
- MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.
What can I do to protect myself?
- Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware, and report the situation to your Help Desk (SCOB, NTID, ITS).
- Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.
- REMEMBER: RIT will NEVER ask for your password through e-mail.