Quishing is a social engineering attack where cyber criminals exploit QR codes, which are two-dimensional barcodes that store data both horizontally and vertically. Through Quishing, these QR codes will direct victims to URLs which contain:
As agentic AI systems become increasingly capable of autonomous decision-making and task execution, it’s critical to understand the risks of sharing your login credentials—especially institutional ones—with these tools.
Why You Should Never Share Credentials with AI
Agentic AI may:
To help protect RPI accounts and data, follow these best practices when using password managers.
Use a password manager to create and store strong, unique passwords for each account.
Keep your personal and RPI credentials separate - use different accounts or tools.
Use multi-factor authentication (MFA) or passwordless login wherever available.
To maintain secure password management practices in accordance with RPI IT policies you should not store institutional passwords in personal Chrome profiles, in particular your RCS password and any application passwords with access to RPI sensitive data.
Risks of Storing Institutional Passwords in Personal Chrome Profiles
Institute policy states that email accounts obtained through third parties may not be used in conducting the business of the Institute. Ensuring compliance with the Rensselaer email policy is crucial for several reasons, including regulatory security requirements, operational efficiency, and maintaining a professional image.
Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more common.
Please review the featured resources (in Percipio - must login with RCS id) to learn more about how to protect yourself and thank you for your ongoing commitment in helping to ensure that everyone can be safe and secure online:
Please be aware of sophisticated phishing attempts targeting our community. Do not provide your Duo codes in response to any text messages, phone calls, emails, or other communication methods. These requests are fraudulent and designed to steal your information and compromise your RCS account.
Stay vigilant and protect your account. If you receive any suspicious requests, report them immediately.
Thank you for your cooperation.
We strongly encourage the adoption of Single Sign-On (SSO) for all campus-related applications, especially those handling sensitive information. SSO provides centralized visibility and control over client access, making it easier to demonstrate compliance with regulatory requirements such as GDPR, HIPAA, and FERPA. Audit trails and logs can be generated to track user activity and access to sensitive data.
It is crucial that ChatGPT and other generative AI tools are used with caution and do not put Rensselaer data at risk. Confidential and Internal Use data, as defined in the Information Classification policy, cannot be put into any of these tools unless a vetted contract is in place through procurement to ensure proper data security and privacy.
Additionally, all use cases should be consistent with the Cyber Citizenship Policy.
