RIT PhishBowl

phishy line-up photo

Welcome to the RIT PhishBowl, your source for the latest phishing attempts reported at RIT

How do I use the RIT PhishBowl?

If you receive a suspicious email, visit the RIT PhishBowl and scan the list of recent phishing alerts. If the email is posted, there's no need to report it. Simply delete the email and you're done.

If the suspicious email is not posted to the RIT PhishBowl, report the phish:
  1. Open a new mail note
  2. Drag the phishing attempt into the new mail note
  3. Send the mail note to spam@rit.edu

Fake COVID 19 Maps

There is a malicious website masquerading as a live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University that is circulating on the Internet to entice unwitting users to visit.  Visiting the website infects the user with the AZORult trojan, an information stealing program which can exfiltrate a variety of sensitive data.  The URL for the malicious site is (corona-virus-map[dot]com). 

Get Paid to Drive Scam

A number of colleges and universities are reporting a new scam where students are paid to have advertising placed on their cars. The students receive a check and are asked to forward a portion of the funds. The check is fraudulent, but usually gets through the initial bank screening. Please report any emails offering this to spam@rit.edu. If you or someone you know has fallen for the scam, please contact RIT Public Safety.

Are you available?

We’re seeing a large number of attempted Business Email Compromise (BEC) emails where the scammer impersonates a manager or leader to engage the recipient in a conversation thread. There’s no initial request, but once a conversation is started, the scammer will ask the recipient to purchase a number of gift cards (or engage in a financial transaction). Industry reports indicate a high susceptibility rate to this type of scam.

BEC attempt example:

Email #1