RIT Phish Bowl

Report a Phish

If you receive a suspicious email, and it is not already posted here, please report it!

Send an email to spam@rit.edu with the phishing attempt attached.

Annotated screenshot of job scam phishing email.
(PART TIME) Admin-Assistant Remote POSITION! job scam email

Please note that this job scam is being received from multiple email addresses. Multiple "tells" to indicate it's not a legitimate email: Liaise, other debts, request for an alternative e.mail address.

 

Read more
Screenshot of phishing attempt with annotations. Redacted text of phish provided with this screenshot.
Accounts Payable Google Shared File Business Email Compromise/Phish

From: RIT SENDER (via Google Docs) 
Sent: Wednesday, February 8, 2023 1:48 PM
To: RIT RECIPIENTS
Subject: Document shared with you: "Accounts Payable Department Docx .docx"

Read more
2023 Payroll Payment and Grants Scheduled document in Google Drive. The document is a form that is used to capture usernames and passwords.
2023 Payroll Payment and Grants Scheduled Phish

RIT is receiving emails that appear to come from RIT leaders with a link to a 2023 Payroll Payment and Grants Scheduled document in Google Drive. The document is a form that is used to capture usernames and passwords.

Read more
Screenshot of 2023 Staff Salary Structure Form phish. The form requests email address and password.
2023 Staff Salary Structure Form (Phish)

RIT is receiving spoofed messages purportedly from RIT leaders providing a link to a 2023 Staff Salary Structure Form. The form is used to collect usernames and passwords. If you've responded to the form, please change your password and report any unexpected Duo prompts.

Read more
Screenshot of Administrative Assistant Remote Job Scam (fully described in text)
Administrative Assistant Remote Job

Job scam email being sent out from compromised RIT accounts.

Read more
Screen shot of work-from-home scam. Indicators that it's not legitimate include the lack of recipient address, the request for a non-university email address, and multiple grammar and punctuation errors.
Part-time $500 work-from-home job

RIT received a job scam email between September 3 and 4.

Read more
Google Drive notifications are often integrated into Slack. The screenshot shows a Slack notification. Note that the Spoofed RIT Send name has an external email address. There are no other indications that it's not authentic.
Slack notification for Google Shared File Phish

Google Drive notifications are often integrated into Slack. The screenshot shows a Slack notification. Note that the Spoofed RIT Send name has an external email address. There are no other indications that it's not authentic.

Read more
Screenshot of Google Shared File Notification that indicates how to tell if the sender is from within RIT. There is an External Email address displayed in the message and there's a warning that the sender is outside your organization
Google Shared File Business Email Compromise/Phish

Message appears to be from RIT sender and asks the recipient to open the shared file.

There are two clues in the message indicating it's not from the RIT sender.

  • Under "shared an item" there's an external email address.
  • There's a warning that the Sender is outside your organization
Read more
Annotated screenshot of WHO job scam phishing email.
WHO Summer Job Scam

Beginning July 5, 2022, RIT received a few variations of a job scam email advertising a job with the WHO (World Health Organization).

Read more
Mailbox storage phish
UNICEF Job Scam
UNICEF Job Scam

February 15, 2022

Read more
New Covid 19 benefits phish
Emergency Email Phishing Attempt
Emergency Mailbox Storage Phish

Phish reported 2/15/2022. 

Read more
Screenshot of job scam email showing internal email address, missing addressee, Gmail contact address, inconsistent capitalization
Survey Analyst Job Scam

Job scam email received beginning January 21, 2022

Read more
Business email compromise reconnaissance attempt
Spoofed Message From Rit Leaders

The email below was sent by an attacker gathering text messaging information.

Read more
Screenshot of Covid-related phishing message with callouts added to identify signs that it is a phish.
Example of Get Paid by Driving Job Scam email offering $500 and linking to a Google form for more information
Get Paid By Driving Job Scam

Job Scam email with a link to a Google form for you to enter contact information

Read more
Screenshot of phishing attempt. Here's the text: Subject: Password Requirement Pending Friday, July 30, 2021 Your Password on snhu.edu has expired today and will be blocked anytime. You are advised to keep the same password using the below button to avoid losing your data. KEEP SAME PASSWORD
Password Requirement Pending Friday

The phishing attempt below was sent from a compromised internal email account. We're excited that so many you reported it promptly!

Read more
Immigration Phish
Citizenship & Immigration Scam

22 July 2021

A phishing email seeming to notify RIT students of issues with their immigration and citizenship status. This email urges students to click on the provided link or call the number to avoid arrest and any further problems. Below is a list of several red flags found in the email and a screenshot of the phish:

Read more
Business email compromise screenshot
Available

First step in a business email compromise (BEC) account is reconnaissance. This email looks harmless, but enables the attacker to start a dialog with the recipient. After engaging in conversation, the attacker will typically ask the recipient to purchase gift cards, and provide the numbers to them. The attacker will cash out the gift cards within seconds.

Read more


For more information about staying safe online, visit Prevent Phishing