RIT PhishBowl

phishy line-up photo




Welcome to the RIT PhishBowl, your source for the latest phishing attempts reported at RIT




How do I use the RIT PhishBowl?

If you receive a suspicious email, visit the RIT PhishBowl and scan the list of recent phishing alerts. If the email is posted, there's no need to report it. Simply delete the email and you're done.

If the suspicious email is not posted to the RIT PhishBowl, report the phish:
  1. Open a new mail note
  2. Drag the phishing attempt into the new mail note
  3. Send the mail note to spam@rit.edu


Citizenship & Immigration Scam

Recieved July 22, 2021

A phishing email seeming to notify RIT students of issues with their immigration and citizenship status. This email urges students to click on the provided link or call the number to avoid arrest and any further problems. Below is a list of several red flags found in the email and a screenshot of the phish:

  • Creating a sense of urgency.
  • Spelling and grammar miskates.
  • A suspisiocus link.
  • Sender's name is missing.

 

AVAILABLE

First step in a business email compromise (BEC) account is reconaissance. This email looks harmless, but enables the attacker to start a dialog with the reciepient. After engaging in conversation, the attacker will typically ask the recipient to purchase gift cards, and provide the numbers to them. The attacker will cash out the gift cards within seconds.

All Students and Members of Staff are to update their EDU

Recieved 12 April 2021

A phishing email encouraging all students and staff members to update their "EDU" in order to access new features and avoid an account deactivation. Below you will find a list of red flags within the email and a screenshot of what the phish looked like.

Red flags in the email:

  • Sender's emaiis not RIT administered.
  • Creating a sense of urgency.
  • Spelling and grammar miskates.
  • A suspisiocus link.

 

No Kid Hungry Job Scam

Received mid March 2021

A phishing email purporting to offer a work from home opportunity for No Kid Hungry was received by the RIT Community. 

There are several cues in the message that it's not authentic. I've included a screenshot of the phish, but here's a list of cues:

  • Sender address is not associated with the company offering the work
  • There is no addressee name
  • There is inconsistent capitalization and punctuation
  • Contact email is a gmail address
  • Job description is typical of work-at-home scams.

 

Fake COVID 19 Maps

There is a malicious website masquerading as a live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University that is circulating on the Internet to entice unwitting users to visit.  Visiting the website infects the user with the AZORult trojan, an information stealing program which can exfiltrate a variety of sensitive data.  The URL for the malicious site is (corona-virus-map[dot]com).