Phishing

Recognize, Respond, Report

Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending fake emails that appear to be from reputable sources.

Recognize

  • Sender - Verify who the email is coming from. If you do not recognize the sender, or the 'reply' address is different from the sender's address, the email may be a phish.
  • Links - Check for suspicious-looking links included in the email. Hover your cursor over the link before clicking to identify the web address.
  • Attachments - An unexpected email that includes an attachment is a red flag.
  • Emotion - Most phishing emails use a sense of urgency or fear in an attempt to get the victim to act in favor of the sender.
  • Data - Never give away personal information such as passwords or social security numbers unless you are certain the source is legitimate.
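
The sender, link, attachment and urgency checks from the list above can also be applied mechanically to a raw message. This is an added example, not RIT's own tooling; the function names, the urgency word list and the sample message (example.edu / example.net addresses) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = ("urgent", "immediately", "suspended")  # assumed word list, extend as needed
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>\s*(.*?)\s*</a>', re.I | re.S)
# Constructed sample message (not a real phish) showing all four red flags.
SAMPLE = """\
From: IT Help Desk <helpdesk@example.edu>
Reply-To: helpdesk@mail.example.net
Subject: URGENT: account suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Verify your account immediately: <a href="http://login.example.net/reset">https://start.example.edu</a></p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="form.zip"

UEsDBA==
--b1--
"""

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_flags(raw):
    """Return the Recognize-list red flags found in one raw message."""
    msg, flags, text = message_from_string(raw), [], ""
    if msg["Reply-To"] and domain(msg["Reply-To"]) != domain(msg["From"]):
        flags.append("sender: Reply-To domain differs from From")
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment: " + part.get_filename())
        elif part.get_content_maintype() == "text":
            text += part.get_payload(decode=True).decode(errors="replace")
    for href, shown in ANCHOR.findall(text):
        # Flag only when the visible text itself looks like a web address.
        if re.match(r"(https?://|www\.)", shown) and host(shown) != host(href):
            flags.append(f"link: shows {host(shown)}, goes to {host(href)}")
    hits = [w for w in URGENCY if w in (msg["Subject"] or "").lower() + text.lower()]
    return flags + (["emotion: " + ", ".join(hits)] if hits else [])
```

Calling `phishing_flags(SAMPLE)` returns one entry per red flag. These are heuristics for triage: a message that returns an empty list is not thereby proven legitimate.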

Respond

  • Never respond with any personal information. 
  • Do not click any links or open any attachments.
  • Check RIT PhishBowl for the email. If it is not already there, forward the phishing attempt to spam@rit.edu.
  • Change your account password at start.rit.edu if you feel as though your password has been compromised.
  • Back up your data on a regular basis to limit the impact of a phishing scam.

Report

  • Report all possible phishing attempts to spam@rit.edu.
  • If you believe you have fallen victim to a phishing scheme, contact the RIT Service Center by phone at 585-475-5000, or online at help.rit.edu, to open an incident report.

About Phishing Scams

  • Spear Phishing - Targets a specific group or person where emails are personalized to match internal communications at the target organization.
  • Whaling - Targets high-profile employees in order to steal private information about employees or financial data for malicious purposes.
  • Vishing - Phishing scams carried out through phone calls or voice mails in which the caller pretends to be a reputable source in order to get the victim to reveal personal information.
  • Smishing - Also called "SMS Phishing," this is a social engineering attack to gather information through text messages.
  • Business Email Compromise - A targeted email where the sender appears to be an executive in the organization.
  • Calendar Phishing - Malicious links are included in calendar invitations that are directly shared with targets.

For More Information

  • RIT PhishBowl - A grouping of phishing attempts reported at RIT.
  • GoogleGroups Phishing - Learn more about GoogleGroups phishing from the RIT ISO.
  • Spear Phishing - Learn more about spear phishing from the RIT ISO.
  • Educause 2019 - Social engineering tactics and prevention techniques. (external)
  • BEC Video - Awareness video about Business Email Compromise. (external)