Many RIT faculty, staff, and students have received an email informing recipients that there’s been a database update and they must follow the link and update their account information. The link leads to a spoofed copy of the RIT login page. A copy of the phish is provided below.
Sample Phishing Email
From: Rochester Institute of Technology <Sender email address>
Date: Thu, Mar 2, 2017 at 6:01 PM
Subject: Your RIT account information
To: recipient email address
Due to a recent update in our database, its is important that you update you account information. Please follow the link below to update your account.
Rochester Institute of Technology
How do I know this is a phishing attempt?
- RIT doesn’t send this type of email out.
- RIT will never request password information through email.
- The link went to a non-RIT website. (We’ve changed the link.)
- There are grammar and spelling issues.
What is RIT doing to protect me?
- RIT contacted the website hosting the phishing site.
What can I do to protect myself?
RID RIT of the phishing attempt
- REPORT the phishing attempt to email@example.com and firstname.lastname@example.org
- INSPECT your computer if you clicked on the link by running a virus scan. (Change your password if you provided it.)
- DELETE the phishing attempt
For More Information
- For more information about detecting Phishing, please visit the RIT Information Security Phishing page.
REMEMBER: RIT will NEVER ask for your password through e-mail.
Quick Infosec Tip: Do you know how to back up your information? Visit https://www.rit.edu/security/content/backing-your-data for recommendations.