Are you the
Weakest Link

Get information on how to safely remove private information from your devices and stay protected. The chain of security is in your hands.

Learn more »

Guard your
Private Information

The Private Information Management Initiative (PIMI) seeks to identify and reduce the amount of private information found on RIT computers and storage devices.

Learn More »

Learn about

The ongoing evolution of digital communication also brings about the evolution of scammers and their methods. Phishing is one kind of such fraud, in which the attacker masquerades as a reputable individual or group, in order to trick users into revealing their private information. Check out our resources to learn how not be baited and reeled in!

Learn more »

Welcome to
Information Security

The Information Security Office provides leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s  information resources.

Learn more »


RIT Information Security Advisory: Published Accounts of Hacker Breaching RIT

A Russian-speaking hacker provided a list to an online publication claiming that he had breached 63 different agencies and institutions. RIT was one of the institutions on the list.

The term “breach” is a bit of a misnomer. The attacker found what’s known as a SQL injection vulnerability in one student website hosted on A SQL injection vulnerability typically occurs when someone is able to enter unexpected data (such as commands) into a login field, gaining access to portions of the database to which they shouldn’t have access.

What RIT is Doing

RIT is remediating and verifying... ...

RIT Information Security Advisory: Tax Season Scams, Fraud Activity

Each tax season we hear of tax scams. The IRS issues many alerts about various scams and we've provided links to several of them below. As they did last year, cybercriminals are targeting tax professionals (and even payroll departments) to obtain identity information, buying and selling blocks of W2 information on the Dark Web. You can’t prevent the cybercriminals from obtaining your information from 3rd parties. However, you can better protect your information and lessen the possibility of being a victim of tax fraud.

Brian Krebs, a noted security expert and researcher, recommends the following steps:

  • File before the
  • ... ...

RIT Information Security Advisory: Job Scams!

The FBI has released a public service announcement warning college students of common employment scams, These scams often result in financial loss to participating students.

The FBI public service announcement described general employment scams targeting college students. Although we haven’t had any cases reported to us recently, RIT students have fallen victim to various employment scams previously, including ones similar to the example described below. We want to help you identify future scams.

How the Scam Words (from the FBI PSA)

  • Scammers post online job advertisements soliciting college students for administrative positions.
  • The student employee receives counterfeit checks in the
  • ... ...

RIT Information Security Alert: Ransomware on Campus from Academic Program Inquiry

A computer in an RIT department was infected with ransomware from a file attachment purporting to be an example of work from a student. The student name on the email was spoofed. The email had been caught in the RIT spam filter. However, the spoofed sender name looked authentic and the recipient released the email and opened the zipped attachment, triggering the ransomware attack.

Sample Phishing Email

Sender: (name changed)

Recipients: <RIT username>

Subject:  Re: RIT Application

[Executable Attachment]

Respected Sir,

I have submitted my application for <Specific RIT Program.>

I have attached an example... ...

RIT Information Security Alert: Phishing Attempts with Executable Attachments

RIT people are receiving email with attachments that appear to be purchase orders. We’ve provided an example below. Note that the sender, subject line, and attachment name may all vary.

Sample Phishing email

Attachment: Order No. 1710010.gz [attachment name may vary]

From: Tracey Adams <order at>
Date: Thu 1/5/2017 5:27 AM
Subject: [Executable Attachment]Order No. 1710010

Good Morning,

Happy New Year !!! 

Find attached our new purchase order 1710010 

Your confirmation order is required in the next 48 hours Indicating 
possible differences in dates, prices, 
quantities, ...... ...