RIT Phish Bowl

Report a Phish

If you receive a suspicious email, and it is not already posted here, please report it!

Send an email to spam@rit.edu with the phishing attempt attached.

Reported September 2023

The main concern is the QR Code? Where will it take you? Will it go to a malicious website? There are a few indicators that this is not legitimate, specifically since both NYU and Purdue are mentioned in the email. We've updated the QR code so it takes you to the RIT Phish Bowl.

Reported September 2023

This is an example of Microsoft OneDrive being used to send a phishing message with a malicious attachment. Were you expecting this report? Is the sender legitimate?

Reported September 2023

This is a phishing attack that came through Microsoft Sharepoint. Note that the email poses as a forward from President Munson and the recipient of the forward is an RIT leader.

Reported September 2023

This is an example of a Business Email Compromise attack. The attacker is spoofing the name of an RIT leader and attempting to get the recipient to do something for them. In this case, they're allegedly asking to help with a payment.

Reported September 2023

Multiple indicators that this email isn't authentic.

Reported in September 2023
This is phish that provides a link to an external website compromised or belonging to the attacker. Note the external sender.


Business Email Compromise attack. Note the generic external email address. You would verify with a known address to determine if it was real. 


This attempt came from outside RIT (as noted in the header). If you're not expecting a document to be shared with you, confirm through a known internal email that it's legitimate.

Staff member giving away piano scam. Note the request to reply with a personal email address so that RIT won't be able to block future communications. The goal of this scam is to get people to pay shipping charges.


Please note that this job scam is being received from multiple email addresses. Multiple "tells" to indicate it's not a legitimate email: Liaise, other debts, request for an alternative e.mail address.


From: RIT SENDER (via Google Docs) <drive-shares-dm-noreply @ google.com>
Sent: Wednesday, February 8, 2023 1:48 PM

RIT is receiving emails that appear to come from RIT leaders with a link to a 2023 Payroll Payment and Grants Scheduled document in Google Drive. The document is a form that is used to capture usernames and passwords.

RIT is receiving spoofed messages purportedly from RIT leaders providing a link to a 2023 Staff Salary Structure Form. The form is used to collect usernames and passwords. If you've responded to the form, please change your password and report any unexpected Duo prompts.

Job scam email being sent out from compromised RIT accounts.

RIT received a job scam email between September 3 and 4.

Google Drive notifications are often integrated into Slack. The screenshot shows a Slack notification. Note that the Spoofed RIT Send name has an external email address. There are no other indications that it's not authentic.

Message appears to be from RIT sender and asks the recipient to open the shared file.

There are two clues in the message indicating it's not from the RIT sender.

  • Under "shared an item" there's an external email address.
  • There's a warning that the Sender is outside your organization

Beginning July 5, 2022, RIT received a few variations of a job scam email advertising a job with the WHO (World Health Organization).

February 15, 2022

For more information about staying safe online, visit Prevent Phishing