[Stc_presidents-discuss] RIT advisory about Spoofed Messages from Co-workers Requesting Financial Data

Cindy Pao cindy at paofamily.com
Mon Jul 11 23:27:50 UTC 2016


Presidents, please forward this email to your treasurers!

 

I don’t want to see any community lose money to a scam artist.

 

YIS,

Cindy Pao

Associate Fellow of the Society for Technical Communication

Director-at-Large, Society for Technical Communication

Chair, Community Affairs Committee, STC

 

“If you’re ever sad, just remember the world is 4.543 billion years old and you somehow managed to exist at the same time as David Bowie.” Dean Podesta (@JeSuisDean) January 10, 2016

 

From: stc_presidents-discuss-bounces at mailer.stc.org [mailto:stc_presidents-discuss-bounces at mailer.stc.org] On Behalf Of Ben Woelk via Stc_presidents-discuss
Sent: Monday, July 11, 2016 2:31 PM
To: Presidents' Email List <stc_presidents-discuss at mailer.stc.org>
Cc: Chris Lyons <chris.lyons at stc.org>; cac-discuss at mailer.stc.org
Subject: [Stc_presidents-discuss] RIT advisory about Spoofed Messages from Co-workers Requesting Financial Data

 

You can ignore all of the RIT-specific information in the email below, but there are general tips (and links to more tips) that should prove helpful when identifying scams.

 

Ben

 

 

 

From: RIT Message Center [mailto:msgctr at rit.edu <mailto:msgctr at rit.edu> ] 
Sent: Wednesday, July 23, 2014 4:00 PM
To: RIT Message Center <msgctr at rit.edu <mailto:msgctr at rit.edu> >
Subject: Information Security Alert--Spoofed Messages from Co-workers Requesting Financial Data

 

	
Information Security Alert--Spoofed Messages from Co-workers Requesting Financial Data 

  _____  

Why am I receiving this message? 

RIT users are receiving spoofed email messages requesting financial data that appear to be from co-workers.  

The phishing attempt appears to come directly from a co-worker and includes the subject: Request. 

The text is as follows: 

Hi YOURNAME, 

Hope you are having a splendid day. I want you to quickly email me the details you will need to help me  process an outgoing wire transfer to another bank. 

I will appreciate a swift email response. 

Thanks. 

CO-WORKERNAME  

The reply address in the email appears to go to your co-worker at RIT. However, if you reply, your response will be sent to an external email address.  

 

How do I know these are spear phishing attempts? 

It's difficult to distinguish these as phishing emails. These are targeted phishing attempts (spear phish) that appear to come directly from your co-worker. 

 

What is RIT doing to protect me? 

*	RIT is working to block the phishing/malware attacks from reaching RIT email accounts.
*	myMail.rit.edu <http://myMail.rit.edu>  has not been compromised.
*	McAfee VirusScan with up-to-date virus definitions will protect against viruses and many other threats that may be associated with phishing emails. (Antivirus software is available free to RIT students, faculty, and staff for home use from http://www.rit.edu/its/services/security/).
*	MySpam will block many of these phishing emails. However, senders actively modify messages to avoid spam traps like Brightmail, and that allows a few to slip through.

What can I do to protect myself? 

*	If you receive an email requesting confidential information, telephone the sender to verify the request. 
*	Send a copy of the email to phish at rit.edu <mailto:phish at rit.edu>  following the steps below. We'll need to see the header (behind-the-scenes part) of the suspicious email to determine where it really came from.

1.	Create a new email addressed to phish at rit.edu <mailto:phish at rit.edu> . 
2.	Copy or drag the suspicious email into the new email you just created. 
3.	Send the new email.
4.	Delete the suspicious email.

*	If you responded to the phishing email and sent banking details, contact Public Safety at 585-475-2853 <tel:585-475-2853> . Change your password NOW, scan your systems for viruses and spyware,  and report the situation to your Help Desk (SCOB, NTID, ITS). 
*	Visit the RIT Information Security Phishing page at  <http://www.rit.edu/security/content/phishing> http://www.rit.edu/security/content/phishing for information on keeping yourself safe from phishing attempts.

REMEMBER: RIT will NEVER ask for your password through email. 

Ben Woelk '07 

ISO Program Manager 

Rochester Institute of Technology 

Ross 10-A204 

151 Lomb Memorial Drive 

Rochester, New York 14623  

585.475.4122 <tel:585.475.4122>  

infosec at rit.edu <mailto:fbwis at rit.edu>  

 <http://www.rit.edu/security> http://www.rit.edu/security   


Like RIT Information Security on Facebook:  <https://www.facebook.com/RITInfosec> https://www.facebook.com/RITInfosec 


Follow us on Twitter: http://twitter.com/RIT_InfoSec  

 

  _____  

This RIT message was sent by the myRIT Message Center to the members subscribed to the category General Announcements - Information Security. If you would like to opt-out of a category of communications then please visit your myRIT Message Board at my.rit.edu <http://my.rit.edu>  to indicate your preferences.

RIT Privacy Policy: http://www.rit.edu/~620www/Manual/sectionC/C7.html

Please do not respond to this email. Replies to this email will not be read or responded to. Please use the contact information provided in the email.

  _____  

 

Ben Woelk, CISSP
Scholarship Chair, Society for Technical Communication
Vice President, Rochester Chapter, Society for Technical Communication


  <http://www.stc.org/images/stories/STC_Logos/STC-Logo-Sr-Member.png> 

Author of Shockproofing Your Use of Social Media: Staying Safe Online <http://www.amazon.com/gp/product/B00OJMK4T2/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00OJMK4T2&linkCode=as2&tag=infosecommun-20&linkId=2Q4UZYWENIEEKVYG> , available on Amazon Kindle.

 

 

Connect with me on social media:

*	Facebook <https://www.facebook.com/ben.woelk> 
*	LinkedIn <http://www.linkedin.com/in/benwoelk> 
*	Twitter: @benwoelk <https://twitter.com/#%21/benwoelk> 


Follow my Introverted Leadership Blog <http://benwoelk.com/> 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailer.stc.org/pipermail/stc_presidents-discuss/attachments/20160711/613b3d3e/attachment-0001.html>


More information about the Stc_presidents-discuss mailing list