Beware of phishing emails claiming to be from FIT’s Human Resources Department

What happened?
Earlier today an employee in an administrative office received a very targeted phishing email.  The email subject line was “Fitnyc Payroll/Benefits Plan On October 5, 2023 at 02:12:42 PM” and claimed to be from FIT’s Human Resources Department. This email was certainly a phish and had a malicious attachment.  The subject line included a unique timestamp which was crafted specifically to circumvent the Google mail filters. 

The FIT community acted quickly in reporting this email to us and we were able to block the senders and remove the email from the impacted inboxes.  In this case the senders were: ppc.chinchwad@anandteknow[.]com and fakturace@rpsystemy[.]cz but phishing emails tend to randomly change the sending address, also a tactic to avoid email filters. 


What can you do to protect yourself?

This incident underscores the importance of paying close attention to the “from” field of the email. Here are some tips to stay diligent against these spoofing scams:


  • If the email address does not match the supposed sender’s name—this is a red flag that something is not right.

  • If you are unsure about an email from a fellow employee, division, or department, contact them to confirm using a valid method that is known to you. Don’t use a phone number or email supplied in the suspicious email.

  • Report email scams by marking mail as phishing in Gmail, forwarding them to [email protected], or opening at ticket at TechHelp.fitnyc.edu

Be aware—and be cybersafe!