Welcome to
Information Security

The Information Security Office provides leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s  information resources.

Learn more »

Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

Learn more
InfoSec About Us Lock + Cable
Sentinel - Standards and Policies
,
Learn about
Phishing

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »
 
 

RIT Information Security Education--How to Know if You've Been Hacked

Submitted by sxmiso on Tue, 07/25/2017 - 16:14

Compromised accounts happen. Quick identification and response can reduce the harm done to your account and your personal information.

How to know if you’ve been hacked:

  • Your friends tell you. They’ve received a spammy or phishy e-mail from your email account, social media, messaging apps, or SMS.
  • Your phone tells you. Battery and data usage are higher than normal. Charges for premium SMS numbers show up on your bill.
  • Your merchants or bank tell you.You receive collection calls.
    • ... ...

RIT Information Security Alert—Payroll message! Phish

Submitted by sxmiso on Tue, 06/27/2017 - 14:41

Why am I receiving this message?

Many RIT faculty, staff, and students have received an email masquerading as an important message regarding 2017 payroll.

Sample Phishing Email

-----------------------------------------

From: myRIT <Sender email address>
Date: Mon, June 26, 2017 at 6:06 PM
Subject: Payroll message!
To: recipient email address

1 New Notification Regarding Your 2017 Payroll

http://www.rit.edu/h/payroll/2017/f0rms.pdf <The original link goes to a page that looks like an RIT login page. We’ve replaced it.>

University of Florida.

-----------------------------------------

How do I know this is a phishing attempt?

    • ... ...

RIT Information Security Alert--Campus Notification Phishing Attempt

Submitted by sxmiso on Tue, 06/27/2017 - 10:10

RIT people are receiving an email masquerading as a Campus Notification sent from the RIT Message Center. The message is originating from off campus and includes a link to a non-RIT address. Clicking on the link will take you to the phishing site.

Here’s the phishing email:

-------------------------------------------------------------------------------

From: "RIT Message" <k.milne-15@student.lboro.ac.uk>
Date: Apr 10, 2017 5:55 PM
Subject: Campus notification
To: <RIT ADDRESSEE>
Cc:

Hi there,

You have an important campus notification Follow the link to read the notofication

Campus notification

Thank you.

RIT Campus Notification,... ...

RIT Information Security Alert--Memo from HR Department Phishing Attempt

Submitted by sxmiso on Thu, 06/08/2017 - 10:03

Here’s the phishing email:

-------------------------------------------------------------------------------

From: John Daniel <offsiteaddress>

Subject: Memo from HR Department
To: <RIT ADDRESSEE>

Greetings,

 

You have a message from the Human Resources Department.

 

Click here to view your message <Link goes to spoofed Outlook Web Access page>

 

Copyright © 2017. All rights reserved.

------------------------------------------------------------

How do I know this is a phishing attempt?

  • The days of looking at an email and knowing immediately that it's a phishing attempt
    • ... ...

RIT Information Security Advisory: Stealthy Word-wire Cyberattack

Submitted by awmiso on Fri, 05/19/2017 - 11:33

Cybersecurity firms are warning of an additional attack that targets the same vulnerabilities targeted by the WannaCry ransomware. Unlike WannaCry, this is not a ransomware attack. Instead the attackers take control of your computer and use it to mine virtual currency (cryptocurrency).

The issue for you is that even though the attackers haven’t yet encrypted your files and demanded a ransom, they’re still able to do that at any time, and they also have access to all files stored on your computer. You MAY notice a slowdown in how fast your computer runs or be unable to access specific resources.... ...