We’re receiving reports of attempts to use personal websites on people.rit.edu to collect username and password information through phishing emails. (People.rit.edu provides a way for the RIT community to create and publish personal websites with the address people.rit.edu/username.) The emails appear to be from student accounts and contain a PDF file that links to a Google Form posted on various people.rit.edu websites. The Google Form requests username and password information.
Sample Phishing email
---------- Forwarded message ----------
Attachment: New_Blank_Document.pdf [attachment name may vary]
From: [Account Name] <firstname.lastname@example.org>
Date: Tue, Dec 13, 2016 at 12:39 PM
Subject: [Account Name]
[Student Signature Block]
1st Year Undeclared Business Major
Saunders College of Business
Rochester Institute of Technology
How do I know this is a phishing attempt?
- This one is pretty easy to detect: generic addressee, no information in the email, unexpected attachment.
- However, the days of looking at an email and knowing immediately that it's a phishing attempt are over. The sender address and the logo may look authentic. Pay attention to what the email is asking you to do, or if it has an unexpected attachment.
- RIT does not send out emails requesting your password or asking you to validate your webmail or assist with quarantine by clicking on a link, etc.
- Phishing emails commonly try to impart a sense of urgency to get you to supply the requested information quickly.
- You'll note that the sender address looks legitimate, and you may receive phishing attacks from spoofed or compromised RIT email accounts. (The ITS account was not compromised.)
- For more information about Phishing, please visit the RIT Information Security Phishing page.
What is RIT doing to protect me?
- RIT blocks most phishing/malware attacks from reaching RIT e-mail accounts.
- myMail.rit.edu has not been compromised.
- McAfee VirusScan (McAfee HIPS) with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
- MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps, and that allows a few to slip through.
What can I do to protect myself?
- Phishing attacks can come through emails, texts, social media messages, and phone calls. Be careful!
- Before clicking on any link, hover your cursor over the link to determine where clicking on the link will take you. On mobile devices, you can press on the link until you get the pop up showing the actual destination for the link.
- Delete the e-mail. If you clicked on the link, change your password IMMEDIATELY, scan your systems for viruses and spyware, and report the situation to your Help Desk (SCOB, NTID, ITS).
- Report phishing attempts by creating a new message to email@example.com and dragging the suspected phishing message into the new message.
- Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.
For More Information
- Visit the RIT Information Security website and explore our best practices for keeping you and your information safer online. <http://www.rit.edu/security>
- For information on creating personal websites on people.rit.edu, visit https://people.rit.edu/index.php.
REMEMBER: RIT will NEVER ask for your password through e-mail.
Quick Infosec Tip: Watch out for increased phishing and scam attempts during the holidays, especially those masquerading as delivery notices or billing disputes.