Important-Please Update your RIT.EDU details Phishing Attack on RIT Community
Why am I receiving this message?
RIT users are being targeted by a phishing email with the subject line "Important! Please Update Your RIT.EDU Details!" Clicking the link takes you to a spreadsheet in Google Docs. If you look at the email closely, you'll see a number of indicators that it's a phishing attempt. Several members of the RIT community have reported similar phishing attempts to us today.
Note that we also saw a phishing attempt with the Subject line "Dear Student" purportedly from the Computer Science Department last week.
Delete these messages.
Here's the text of the email:
From: Susan Linville <firstname.lastname@example.org>
Date: Monday, July 30, 2012 10:51 AM
Subject: Important! Please Update Your RIT.EDU Details!
Please open the below site to update your contact Details:
Rochester Institute of Technology Update
Powered by Admin in collaboration with Google.
Email Disclaimer: Please be advised that the contents of this message and any reply may be subject to disclosure under North Carolina law. This communication is for use by the intended recipient and contains information that may be privileged, confidential, or copyrighted under applicable law. If you are not the intended recipient, you are hereby formally notified that any use, copying, or distribution of this communication, in whole or in part, is strictly prohibited. Please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy. This communication does not constitute consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties.
What is RIT doing to protect me?
- RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
- myMail.rit.edu has not been compromised.
- SentinelOne Endpoint Protection with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
- MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.
What can I do to protect myself?
Delete the e-mail. If you clicked on the CLICK HERE link, change your password NOW, scan your systems for viruses and spyware, and report the situation to your Help Desk (COB, NTID, ITS).
General protection against phishing scams
- NEVER RESPOND TO A REQUEST FOR YOUR PASSWORD sent by e-mail, even if the request appears legitimate. RIT will NEVER ask for your password through e-mail.
- Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
- Do not open attachments in unexpected or suspicious e-mails or instant messages.
- Do not click anywhere on the e-mail—even in what may appear to be white space.
- Delete the e-mail or instant message.
- If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish. The real link may also be masked. Move your mouse over the link and it may show a different address than the one displayed in the e-mail.
- Be selective in what sites you provide with your RIT e-mail address.
- Use a limited or non-administrator account when opening e-mail and browsing the Internet. A limited account will help protect you against many malware attacks. Finance and Administration (and some RIT colleges) already protect their users by giving them limited accounts. (A demo on setting up a limited account in Windows XP is available at /security/simulations/102a/102A1.html. Macintosh security instructions are at http://www.rit.edu/its/services/desktop_support/mac/xsecurityaudit.html.) Windows 7 provides built-in equivalent protection.
- Add an anti-phishing toolbar to Internet Explorer or Firefox. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing SentinelOne anti-phishing tools to ePO-managed users. All users were required to have anti-phishing software after August 1, 2009.
For more information
General scam and phishing information:
- Suspicious E-mails and Identity Theft https://www.irs.gov/uac/Suspicious-e-Mails-and-Identity-Theft-
- Current and archived lists of phishing scams at http://www.millersmiles.co.uk/
- FTC OnGuard Online http://www.onguardonline.gov/