RIT Information Security Alert: Payroll Services Email Addresses Updated Phish

RIT faculty and staff received an email Friday afternoon purportedly from RIT Payroll Services. The email claimed that recipient email addresses had been updated and asked recipients to click on a link and fill out a form if they had not updated them. A copy of the phish is provided below.

RIT Information Security contacted the company hosting the page with the form. The company removed the form within 15 minutes.

Sample Phishing Email

From: Payroll Services <payroll@rit.edu>
Date: Feb 17, 2017 3:34 PM
Subject: Email addresses updated
To:
Cc: 

This email is to confirm that you have successfully updated

your email via Self Service. <LINK REMOVED>

This update occurred on 02/17/2017 at 12:03 p.m.

If you did not update this information online, please go
to http://www.rit.edu/eid/help/stolen.html. <LINK REMOVED>

or call the Information Technology Services (ITS) Help
Desk at 800-436-000 for assistance.

Please note that if you have multiple email accounts with
Us, you may receive this message at each email
address. If you performed multiple updates, you may also
receive separate email confirmations.

Thank you,
Payroll Services

 

How do I know this is a phishing attempt?

  • RIT will never request password information through email.
  • Although the sending email address was spoofed, the links go to a non-RIT website.
  • Although the sending email address was spoofed, the links go to a non-RIT website.

 

What is RIT doing to protect me?

  • RIT contacted the company hosting the form. The company then removed the form, effectively ending the threat.

 

What can I do to protect myself?

RID RIT of the phishing attempt.

  • REPORT the phishing attempt to spam@rit.edu and infosec@rit.edu
  • INSPECT your computer if you clicked on the link by running a virus scan. (Change your password if you provided it.)
  • DELETE the phishing attempt

 

For More Information

 

REMEMBER: RIT will NEVER ask for your password through e-mail.

 

Quick Infosec Tip: How secure is your password? Visit the RIT Information Security Password page at https://www.rit.edu/security/content/password to discover how to create a secure password.