Posted on in IT Security, ITS News

Summertime is an ideal time to relax and take vacations, but cybercriminals use this lull to intensify their activities and launch cyberattacks.

Cybersecurity experts report that criminals are more active in the summer because they hope that networks and email inboxes aren’t monitored as closely as they are during other times because of vacations. They also hope people are less diligent about reviewing emails designed to defraud them.

That is why you may have seen an increase in phishing emails containing malicious links, malware, or attachments that request login credentials to compromise accounts, access networks, or infect computers with viruses.

It is essential to maintain a high level of cybersecurity awareness and continue to engage in safety and security practices that protect personal information and George Mason University’s IT assets. Information Technology Services (ITS) is offering these basics to remember:

No one at George Mason or any other legitimate organization will request your username, password, and a Two-Factor Authentication (2FA) passcode.

Cybercriminals send unsolicited emails containing a link to a document that requests recipients to provide their name, username, password, and a 2FA code. When the information is provided, it is used to log into the person’s account, and the criminals may redirect paychecks to the criminal’s account. The information can also be used to send emails to others, making a phony request appear to be legitimate.

Look at the sender’s email address and other details, such as the external caution banner, when receiving unsolicited emails.

High-paying, part-time job offers or research fellowships that sound too good to be true usually are. Cybercriminals will email potential applicants promising high pay for completing small tasks for professors or legitimate organizations. The first task assigned to ‘employees’ is to deposit a check, above the promised pay, into the bank. The ‘employees’ are instructed to deposit their pay into their bank account and to send the remainder back to the ‘employers.’ The check will bounce, and ‘employees’ will be scammed out of the money.

One red flag to be aware of is when cybercriminals request communication through an external email address to bypass the safeguards ITS has in place to detect phishing emails. Legitimate companies use their official company domain emails to communicate. Scammers use Gmail, Yahoo, Hotmail, or other public email platforms. Examine the sender’s email address to see if it comes from an official domain or a public email platform.

Requests to purchase gift cards as an important task for a department chairperson, a superior, or a professor are used to steal money. An email request that claims to come from a department chairperson, a superior, or a professor, asking for a person’s cell phone number to complete an important task, is a scam. The task is to purchase gift cards. After the gift cards are purchased, the person is asked to send the card number and PIN. The gift cards are cashed, and the buyer is scammed out of their money. One key item to look at is the email address from which the request is coming. Most will use a Gmail email address with the name of a department chair, superior, or professor.

As a safe practice, never disclose your Patriot Pass Password. To see the latest phishing reports, see its.gmu.edu/phishing-alerts/.

If you have questions about an email you receive, please contact ITS Support at 703-993-8870 or use Live Chat via its.gmu.edu/chat/.