RIT Information Security Alert: Your RIT account information Phish

Many RIT faculty, staff, and students have received an email informing recipients that there’s been a database update and they must follow the link and update their account information. The link leads to a spoofed copy of the RIT login page. A copy of the phish is provided below.

 

Sample Phishing Email

From: Rochester Institute of Technology <Sender email address>
Date: Thu, Mar 2, 2017 at 6:01 PM
Subject: Your RIT account information
To: recipient email address

Hello,

Due to a recent update in our database, its is important that you update you account information. Please follow the link below to update your account.

Update Link

Thank you.

Regards,

Rochester Institute of Technology

 

How do I know this is a phishing attempt?

  • RIT doesn’t send this type of email out.
  • RIT will never request password information through email.
  • The link went to a non-RIT website. (We’ve changed the link.)
  • There are grammar and spelling issues.

 

What is RIT doing to protect me?

  • RIT contacted the website hosting the phishing site.

 

What can I do to protect myself?

RID RIT of the phishing attempt

  • REPORT the phishing attempt to spam@rit.edu and infosec@rit.edu
  • INSPECT your computer if you clicked on the link by running a virus scan. (Change your password if you provided it.)
  • DELETE the phishing attempt

 

For More Information 

 

REMEMBER: RIT will NEVER ask for your password through e-mail.

 

Quick Infosec Tip: Do you know how to back up your information? Visit https://www.rit.edu/security/content/backing-your-data for recommendations.