RIT Phish Bowl

Report a Phish

If you receive a suspicious email, and it is not already posted here, please report it!

Send an email to spam@rit.edu with the phishing attempt attached.

From: RIT SENDER (via Google Docs) <drive-shares-dm-noreply @ google.com>
Sent: Wednesday, February 8, 2023 1:48 PM

RIT is receiving emails that appear to come from RIT leaders with a link to a 2023 Payroll Payment and Grants Scheduled document in Google Drive. The document is a form that is used to capture usernames and passwords.

RIT is receiving spoofed messages purportedly from RIT leaders providing a link to a 2023 Staff Salary Structure Form. The form is used to collect usernames and passwords. If you've responded to the form, please change your password and report any unexpected Duo prompts.

Job scam email being sent out from compromised RIT accounts.

RIT received a job scam email between September 3 and 4.

Google Drive notifications are often integrated into Slack. The screenshot shows a Slack notification. Note that the Spoofed RIT Send name has an external email address. There are no other indications that it's not authentic.

Message appears to be from RIT sender and asks the recipient to open the shared file.

There are two clues in the message indicating it's not from the RIT sender.

  • Under "shared an item" there's an external email address.
  • There's a warning that the Sender is outside your organization

Beginning July 5, 2022, RIT received a few variations of a job scam email advertising a job with the WHO (World Health Organization).

February 15, 2022

Phish reported 2/15/2022. 

Job scam email received beginning January 21, 2022

The email below was sent by an attacker gathering text messaging information.

Job Scam email with a link to a Google form for you to enter contact information

The phishing attempt below was sent from a compromised internal email account. We're excited that so many you reported it promptly!

22 July 2021

A phishing email seeming to notify RIT students of issues with their immigration and citizenship status. This email urges students to click on the provided link or call the number to avoid arrest and any further problems. Below is a list of several red flags found in the email and a screenshot of the phish:

First step in a business email compromise (BEC) account is reconnaissance. This email looks harmless, but enables the attacker to start a dialog with the recipient. After engaging in conversation, the attacker will typically ask the recipient to purchase gift cards, and provide the numbers to them. The attacker will cash out the gift cards within seconds.

8 June 2021

A phishing email purporting to offer a work opportunity for a cryptocurrency company was received by the RIT Community.

For more information about staying safe online, visit Prevent Phishing