RIT Information Security Alert--Your Direct Deposit was Declined Phishing Attack

RIT Information Security Alert--Your Direct Deposit was Declined Phishing Attack


Why am I receiving this message?

RIT continues to receive phishing attacks this fall, some disguised as delivery confirmations or declined payment notices.

If you've receive a message asking for your password or login credentials, please delete it. Here's an example of a recent phish we've received, designed to trick you into logging into what you think is a legitimate website where you'll enter login information. Here's the phish that was reported to us today.

We regret to notify you, that your most recent Direct Deposit via ACH payment (#785100159699) was cancelled, due to your business software package being out of date. The detailed information about this matter is available in the secure section of our web site:
Please consult with your financial institution to obtain the necessary updates of the Direct Deposit software.
Best regards,
ACH Network Rules Department
NACHA | The Electronic Payments Association
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
Phone: 703-561-1100 Fax: 703-787-0996

How do I know this is a phishing attempt?

  • If you examine the original email, you'll see a couple of tips that the email is a phishing attempt. In the From: field, you'll see that the nacha.org address is really an ameriton.com address.
  • If you were to hover over the Details link with your mouse, you'd see that the link goes to onedirectionfanclub, not nacha.org. (Onedirectionfanclub is probably a hacked website.)

What is RIT doing to protect me?

  • RIT is working to block the phishing/malware attacks from reaching RIT e-mail accounts.
  • myMail.rit.edu has not been compromised.
  • SentinelOne with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
  • MySpam will block many of these phishing e-mails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What can I do to protect myself?

Delete the e-mail. If you clicked on the link, change your password NOW, scan your systems for viruses and spyware,  and report the situation to your Help Desk (SCOB, NTID, ITS).

Visit the RIT Information Security Phishing page at http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

REMEMBER: RIT will NEVER ask for your password through e-mail.