RIT is seeing a recent increase in phishing attempts to gain access to myInfo/eBiz. Since last week, many attempts to gain access to myInfo/eBiz have been made. RIT employees (including student employees) who have not yet signed up for Multi-factor Authentication at RIT (MFA) are at risk, because the hackers are able to enroll usernames in MFA and gain access to protected accounts and information. We suspect that Friday’s phishing attempt was used to collect usernames and passwords.
What can I do to protect myself?
- Sign up for MFA today by visiting the ITS MFA page and following the prompts! That’s the best way to protect your myInfo account.
- If you receive a notification from Duo and you’re not trying to login to an MFA-protected RIT website, please report the incident to the ITS Service Desk.
- Never respond to an email request for your username or password.
- To check the validity of an email from ITS, contact the ITS Service Desk (5-4357)
- Hover your cursor over the link to determine where it will take you. If it’s to a non-RIT URL, don’t click on it.
- To determine where a link goes when using a smartphone, press down on the link until the destination address appears. Don’t just click on the link.
- If the email appears to come from RIT, but is asking for something outside a normal process or has an unexpected link or attachment, confirm with the sender that it’s legitimate.
RID RIT of phishing attempts
- REPORT phishing attempts to email@example.com and firstname.lastname@example.org.
- INSPECT your computer if you clicked on a suspicious link by running a virus scan. Change your password if you provided it.
- DELETE the phishing attempt(s)
To see which phish have been reported to us, visit the new RIT Phishbowl