RIT Phish Bowl

Report a Phish

If you receive a suspicious email, and it is not already posted here, please report it!

Send an email to spam@rit.edu with the phishing attempt attached.

RIT received a job scam email between September 3 and 4.

Google Drive notifications are often integrated into Slack. The screenshot shows a Slack notification. Note that the Spoofed RIT Send name has an external email address. There are no other indications that it's not authentic.

Message appears to be from RIT sender and asks the recipient to open the shared file.

There are two clues in the message indicating it's not from the RIT sender.

  • Under "shared an item" there's an external email address.
  • There's a warning that the Sender is outside your organization

Beginning July 5, 2022, RIT received a few variations of a job scam email advertising a job with the WHO (World Health Organization).

February 15, 2022

Phish reported 2/15/2022. 

Job scam email received beginning January 21, 2022

The email below was sent by an attacker gathering text messaging information.

Job Scam email with a link to a Google form for you to enter contact information

The phishing attempt below was sent from a compromised internal email account. We're excited that so many you reported it promptly!

22 July 2021

A phishing email seeming to notify RIT students of issues with their immigration and citizenship status. This email urges students to click on the provided link or call the number to avoid arrest and any further problems. Below is a list of several red flags found in the email and a screenshot of the phish:

First step in a business email compromise (BEC) account is reconnaissance. This email looks harmless, but enables the attacker to start a dialog with the recipient. After engaging in conversation, the attacker will typically ask the recipient to purchase gift cards, and provide the numbers to them. The attacker will cash out the gift cards within seconds.

8 June 2021

A phishing email purporting to offer a work opportunity for a cryptocurrency company was received by the RIT Community.

Recieved 12 April 2021

A phishing email encouraging all students and staff members to update their "EDU" in order to access new features and avoid an account deactivation. Below you will find a list of red flags within the email and a screenshot of what the phish looked like.

Red flags in the email:

Received within RIT Campus Groups, April 2021

Received mid March 2021

A phishing email purporting to offer a work from home opportunity for No Kid Hungry was received by the RIT Community. 

There are several cues in the message that it's not authentic. I've included a screenshot of the phish, but here's a list of cues:

16 February 2021

A group of RIT students have received text messages allegedly from their professors asking them to go to the store and buy gift cards.  If you receive one, please contact the RIT Service Desk.


For more information about staying safe online, visit Prevent Phishing