We’ve received a spear phishing attempt (a phish targeted at a specific population) claiming that there is a security emergency on campus. The email asks the reader to access a linked REPORT and follow protocol. If you encounter this phish, please just delete it.
Here’s the text from the phishing attempt:
From: "Cullis, Barbara" <EMAIL ADDRESS>
Date: January 12, 2018 at 3:33:00 PM EST
To: Undisclosed recipients:;
Subject: Important Security Notification
There is a security emergency in Campus. Please go through REPORT released for update
and follow protocol.
What can I do to protect myself?
- Be vigilant! Never respond to an email request for your username or password.
- To check the validity of an email from ITS, contact the RIT Service Center (5-5000)
- Hover your cursor over the link to determine where it will take you. If it’s to a non-RIT URL, don’t click on it.
- To determine where a link goes when using a smartphone, press down on the link until the destination address appears. Don’t just click on the link.
- If the email appears to come from RIT, but is asking for something outside a normal process or has an unexpected link or attachment, confirm with the sender that it’s legitimate.
- NEVER give your password or any personal information out through e-mail.
RID RIT of phishing attempts
- REPORT phishing attempts to firstname.lastname@example.org
- INSPECT your computer if you clicked on a suspicious link by running a virus scan. Change your password if you provided it.
- DELETE the phishing attempt(s)