RIT Information Security Alert--Account Update Spear Phishing Attacks

RIT Information Security Alert--Account Update Spear Phishing Attacks

Why am I receiving this message?

RIT users have received account update phishing attempts masquerading as official RIT email.

If you've received messages with the Subject Line: RE: Outlook Account Update or Account Update, please delete them. The messages read as follows, 

Message One

Subject: MailBox Alert

E -mail password will expires in two days. Click here:  to re- confirm your email address.to avoid disconnection from our data base

Admin dest
192.168.0.1

Message Two

Re-validate your account, your account will be temporarily un-accessible and suspended from receiving and sending messages Click here to Re-validate 

How do I know that these emails are spear phishing attempts?

  • RIT does not send out emails requesting your password or asking you to validate your account.
  • You'll note that the sender addresses are not even associated with RIT. (There are several different sender addresses.)
  • If you hover your cursor over the links, you'll see that the links are to external websites, not to RIT.
  • The spear phishes use a common technique of trying to impart a sense of urgency and trying to get you to supply the requested information quickly.
  • These examples don't include the sender contact information required by the RIT Signature Standard.
  • Spear phishing is directed to a limited target audience; in this case. RIT users. 
  • For more information about Phishing, please visit the RIT Information Security Phishing page.

What is RIT doing to protect me?

  • RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
  • myMail.rit.edu has not been compromised.
  • SentinelOne Endpoint Protection with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What can I do to protect myself?

Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware, and report the situation to your Help Desk (Resnet, SCOB, NTID, ITS).

Report phishing attempts by creating a new message to spam@rit.edu and dragging the suspected phishing message into the new message. 

Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

REMEMBER: RIT will NEVER ask for your password through e-mail.