RIT Information Security Alert: Important Message Phish

RIT Information Security Alert: Important Message Phish


RIT email users have received another phishing attack that mimics an RIT official message. PLEASE DON'T CLICK ON THE LINK AND PROVIDE YOUR INFO! You'll receive many of these phishing attempts throughout the academic year. We won't be able to warn you about all of them.

If you've received a message with the Subject Line: RIT: Important Message, do not click on the link. Here's the text of the message:

How do you know this is a phishing attack?

  • RIT does not send out emails with links to enroll your email accounts. 
  • If you hover your cursor over the link in the message, you'll note that the link included in the email does not link to an RIT address, although part of the link is very similar. (We've removed the link from this example. The link actually goes to a website in Sweden.) 
  • The phish uses a common technique of trying to impart a sense of urgency to get you to supply the requested information before you've had time to consider the request. (If RIT was making a change of this nature, you would have received information through RIT Message Center, among other official channels.)
  • For more information about Phishing, please visit the RIT Information Security Phishing page.

What RIT is doing to protect you

  • RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
  • myMail.rit.edu has not been compromised.
  • SentinelOne antivirus software with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails.
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What you can do to protect yourself

  • Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware,  and report the situation to your IT support (SCOB, NTID, ITS Service Desk, etc.).
  • Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

Remember: RIT will NEVER ask for your password through e-mail.