RIT Information Security Alert -- Phishing Attacks Targeting RIT
A number of RIT computer users are clicking on links and supplying passwords in response to messages that may appear to be official RIT communications. There are several phishing attempts circulating around RIT. Here are a couple of them with hints on how to recognize that they're phishing attempts.
If you've received a message similar to these or that in any way looks suspicious, please delete it.
How do I know this is a phishing attempt?
- RIT will NEVER ask for your password through e-mail.
- You'll note that the links included in the emails do not link to an RIT address, although it's very similar.
- The phish uses a common technique of trying to impart a sense of urgency to get you to supply the requested information quickly.
- For more information about phishing, please visit the RIT Information Security Phishing page.
What is RIT doing to protect me?
- RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
- myMail.rit.edu has not been compromised.
- SentinelOne and other antivirus programs (with up-to-date virus definitions) will protect againts viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
- MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.
What can I do to protect myself?
- Think before you click. Don't be rushed.
- Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware, and report the situation to your Help Desk (SCOB, NTID, ITS).
- Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.