• F&A Home
• Search
• A-Z Index
• Directories
• MyRIT

• Students
• Faculty & Staff
• Systems Administrators Resources

• Resources
• Alerts/Advisories
• Digital Self Defense
• Safe Practices
• Projects & Services
• Standards & Policies
• Forms
• About Us/Contacts

Phishing

Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies. Phishing e-mails provide a link to a seemingly authentic page where you can login and reveal your username, password and other personal identifying information (PII)." Online scammers can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.

How big has the phishing problem become? According to the Symantec Internet Security Threat Report, between July 2007 and December 2007, there were 207,547 unique phishing messages (1134 unique phishing messages per day).

Spear Phishing

Spear phishing targets a specific person or group of people (usually within a specific organization or government agency). Spear phishing e-mails are tailored to match internal communications at the target organization and may even include personal details.

Phishing in Instant Messaging

Although most phishing occurs through e-mails, fraudsters have begun using instant messaging to pose as government officials and trick people into revealing identity information.

Report a phish

Learning More About Phishing

Current Phishing Scams

Millersmiles.co.uk is an Internet community that archives phishing scams. Visit them to check if a particular e-mail or website has been reported by others, or report it yourself.

Phishing Guides

• Anatomy of a Phishing E-mail
• Top 10 Tips for Finding a Phish
• Surefire Phishing Tips

Take the SonicWall Phishing IQ Test to see how good you are at identifying phishy e-mails!

Anti-Phishing Tools

Internet Explorer 7.x and higher, Safari 3.2 and higher, and Mozilla Firefox 3.x and higher all provide some protection against phishing. E-mail clients such as Microsoft Outlook 2007 and Mozilla Thunderbird 2 also include anti-phishing features, such as disabling suspicious links and blocking pictures and attachments. As of August 1, 2009, all RIT-owned and leased computers must have some form of anti-phishing controls in place.

We recommend the following browser tools to help you identify suspicious websites:

• The Netcraft Toolbar is a browser plug-in available for Internet Explorer and Firefox. The toolbar helps stop phishing attempts by blocking known phishing sites and providing hosting information about the sites you visit.
• Finjan SecureBrowsing is a browser plug-in available for both Internet Explorer and Firefox. This tool works by analyzing the actual code of websites you visit and generating a safety rating.
• The McAfee Site Advisor is a browser plug-in available for Internet Explorer and Firefox. Site Advisor warns you of websites known to have malicious downloads or links by checking them against a database at McAfee.

Note: You should not install this version of McAfee Site Advisor on any RIT-owned computer currently running McAfee ePO. More information can be found here.

Last Modified: 07.21.2009 Copyright © 2000 - 2009 Rochester Institute of Technology Contact Webmaster Privacy Statement