RIT Phish Bowl

Report a Phish

If you receive a suspicious email, and it is not already posted here, please report it!

Send an email to spam@rit.edu with the phishing attempt attached.

Personal Assistant Remote Position job scam email (5-6-2024)

Indicators include request for PERSONAL "Email Address" For Consideration. Sent from compromised RIT account.


Phishing email with fake application portal.

Received 3/24/2024

This phish included a spoofed RIT Duo page.



Mrs. Lu is giving away a violin, camera, piano, and guitar. You pay shipping!


11/15/2023 Email from thankview.com

Note, this is a legitimate email, not a phish.

Reported 10/4/2023

Various subject lines. Allegedly a subscription renewal from McAfee Customer Support.



Reported 10/3/23

Note the inconsistencies in the email and that the attacker asks for a personal email address. 


Reported September 2023

The main concern is the QR Code? Where will it take you? Will it go to a malicious website? There are a few indicators that this is not legitimate, specifically since both NYU and Purdue are mentioned in the email. We've updated the QR code so it takes you to the RIT Phish Bowl.

Reported September 2023

This is an example of Microsoft OneDrive being used to send a phishing message with a malicious attachment. Were you expecting this report? Is the sender legitimate?

Reported September 2023

This is a phishing attack that came through Microsoft Sharepoint. Note that the email poses as a forward from President Munson and the recipient of the forward is an RIT leader.

Reported September 2023

This is an example of a Business Email Compromise attack. The attacker is spoofing the name of an RIT leader and attempting to get the recipient to do something for them. In this case, they're allegedly asking to help with a payment.

Reported September 2023

Multiple indicators that this email isn't authentic.

Reported in September 2023
This is phish that provides a link to an external website compromised or belonging to the attacker. Note the external sender.


Business Email Compromise attack. Note the generic external email address. You would verify with a known address to determine if it was real. 


This attempt came from outside RIT (as noted in the header). If you're not expecting a document to be shared with you, confirm through a known internal email that it's legitimate.

Staff member giving away piano scam. Note the request to reply with a personal email address so that RIT won't be able to block future communications. The goal of this scam is to get people to pay shipping charges.


Please note that this job scam is being received from multiple email addresses. Multiple "tells" to indicate it's not a legitimate email: Liaise, other debts, request for an alternative e.mail address.


From: RIT SENDER (via Google Docs) <drive-shares-dm-noreply @ google.com>
Sent: Wednesday, February 8, 2023 1:48 PM

RIT is receiving emails that appear to come from RIT leaders with a link to a 2023 Payroll Payment and Grants Scheduled document in Google Drive. The document is a form that is used to capture usernames and passwords.

RIT is receiving spoofed messages purportedly from RIT leaders providing a link to a 2023 Staff Salary Structure Form. The form is used to collect usernames and passwords. If you've responded to the form, please change your password and report any unexpected Duo prompts.

For more information about staying safe online, visit Prevent Phishing