[Stc_presidents-discuss] RIT advisory about Spoofed Messages from Co-workers Requesting Financial Data

Ben Woelk ben.woelk at gmail.com
Mon Jul 11 19:30:43 UTC 2016

You can ignore all of the RIT-specific information in the email below, but
there are general tips (and links to more tips) that should prove helpful
when identifying scams.


*From:* RIT Message Center [mailto:msgctr at rit.edu]
*Sent:* Wednesday, July 23, 2014 4:00 PM
*To:* RIT Message Center <msgctr at rit.edu>
*Subject:* Information Security Alert--Spoofed Messages from Co-workers
Requesting Financial Data

*Information Security Alert--Spoofed Messages from Co-workers Requesting
Financial Data*
* ------------------------------ *

*Why am I receiving this message?*

RIT users are receiving spoofed email messages requesting financial data
that appear to be from co-workers.

The phishing attempt appears to come directly from a co-worker and includes
the subject: *Request*.

The text is as follows:


Hope you are having a splendid day. I want you to quickly email me the
details you will need to help me  process an outgoing wire transfer to
another bank.

I will appreciate a swift email response.



The reply address in the email appears to go to your co-worker at RIT.
However, if you reply, your response will be sent to an external email

*How do I know these are spear phishing attempts?*

It's difficult to distinguish these as phishing emails. These are targeted
phishing attempts (spear phish) that appear to come directly from your

*What is RIT doing to protect me?*

   - RIT is working to block the phishing/malware attacks from reaching RIT
   email accounts.
   - myMail.rit.edu has not been compromised.
   - McAfee VirusScan with up-to-date virus definitions will protect
   against viruses and many other threats that may be associated with phishing
   emails. (Antivirus software is available free to RIT students, faculty, and
   staff for home use from http://www.rit.edu/its/services/security/).
   - MySpam will block many of these phishing emails. However, senders
   actively modify messages to avoid spam traps like Brightmail, and that
   allows a few to slip through.

*What can I do to protect myself?*

   - If you receive an email requesting confidential information, telephone
   the sender to verify the request.
   - Send a copy of the email to phish at rit.edu following the steps below.
   We'll need to see the header (behind-the-scenes part) of the suspicious
   email to determine where it really came from.

   1. Create a new email addressed to phish at rit.edu.
      2. Copy or drag the suspicious email into the new email you just
      3. Send the new email.
      4. Delete the suspicious email.

   - If you responded to the phishing email and sent banking details,
   contact Public Safety at 585-475-2853. Change your password NOW, scan
   your systems for viruses and spyware,  and report the situation to your
   Help Desk (SCOB, NTID, ITS).
   - Visit the RIT Information Security Phishing page at
   http://www.rit.edu/security/content/phishing for information on keeping
   yourself safe from phishing attempts.

*REMEMBER: RIT will NEVER ask for your password through email.*

*Ben Woelk '07*

*ISO Program Manager*

*Rochester Institute of Technology*

*Ross 10-A204*

*151 Lomb Memorial Drive*

*Rochester, New York 14623*

*585.475.4122 <585.475.4122>*

*infosec at rit.edu <fbwis at rit.edu>*

*http://www.rit.edu/security <http://www.rit.edu/security> *

*Like RIT Information Security on Facebook:

*Follow us on Twitter: **http://twitter.com/RIT_InfoSec


This RIT message was sent by the *my*RIT Message Center to the members
subscribed to the category *General Announcements - Information Security.*
If you would like to opt-out of a category of communications then please
visit your *my*RIT Message Board at my.rit.edu to indicate your preferences.

RIT Privacy Policy: http://www.rit.edu/~620www/Manual/sectionC/C7.html

Please do not respond to this email. Replies to this email will not be read
or responded to. Please use the contact information provided in the email.

Ben Woelk, CISSP
Scholarship Chair, Society for Technical Communication
Vice President, Rochester Chapter, Society for Technical Communication

Author of *Shockproofing Your Use of Social Media: Staying Safe Online
available on Amazon Kindle.

*Connect with me on social media:*

   - *Facebook <https://www.facebook.com/ben.woelk>*
   - *LinkedIn <http://www.linkedin.com/in/benwoelk>*
   - *Twitter: @benwoelk <https://twitter.com/#%21/benwoelk>*

*Follow my Introverted Leadership Blog <http://benwoelk.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailer.stc.org/pipermail/stc_presidents-discuss/attachments/20160711/37431f26/attachment-0001.html>

More information about the Stc_presidents-discuss mailing list