Phishing 101: Spot the Cybercriminals

Have you ever fallen victim to a scam? If the answer is yes – don’t fret! You aren’t the only one. In fact, cybercriminals are on the prowl all year in hopes of stealing money or gaining access to information from Mason’s faculty, staff, and students.

If you completed Mason’s IT Security Awareness Training, you know you are a prime target for cybercriminals by simply having an email account. Information Technology Services (ITS) has recognized the patterns cybercriminals use and the times when criminals tend to step up their attacks, which tend to be during the busiest parts of the year, such as the beginning of the semesters, over holidays and breaks, and during finals, because they want to catch users off guard. Often, criminals try to pressure you to move quickly, resulting in you providing information that will compromise your account, sending them money, or unknowingly downloading malware on your computer.

Cybercriminals actively choose our Mason population to access information about research projects, infiltrate Mason’s IT assets to gain intelligence, gather data on Mason employees, and steal money. Here are some of the most recent ways that criminals are pursuing our community:

  • Faculty members: Gift cards scams!
    An email addressed to faculty stating it is from their boss or a university official. In the body of the email, the cybercriminal asks if they are available to purchase gift cards and then asks them to confirm they can handle the errand. Do not respond to this message or engage the cybercriminal! It is an effort to steal money.

  • Staff members: Fake documents!
    Staff may receive an email with an attachment telling them their signature is needed on documents. The attachment may contain a link leading to a page imitating Mason’s login page for Patriot Web that asks for a username and password. With that information, cybercriminals may try to compromise accounts, gain access to payroll information, and/or use email to send the scam to additional members of the Mason community.

  • Students: Fake job opportunities!
    These opportunities are often high-paying jobs for little work. The criminals reel in students by promising them $400 weekly for up to 15 hours of work and send them a phony check, asking students to deposit it into their personal banking account. They are then instructed to keep a portion of the money as first payment and send the remaining amount to the employer. When the check is returned for insufficient funds, the student’s account is debited for the entire amount.

We know it can be tricky to spot these criminals. To avoid these attacks, follow these tips:

  • Delete emails from unknown addresses
  • Do not click email links or open attachments from unknown sources
  • Be wary of requests for confidential information — legitimate organizations will never ask you to provide your password in an email response
  • Never share passwords, usernames, or accounts
  • Question any “scare tactic” messages – account closures and loss of access are common fraudulent threats
  • Keep antivirus software up to date and perform regular scans
  • Beware that sender email addresses, links, and websites can be faked to appear to originate from Mason
  • Enable Two-Factor Authentication to require verification of your identity

Remember: George Mason University will never ask for your personal information over email. To learn more about phishing, see the ITS knowledge base. If you suspect that you are being phished, contact the ITS Support Center at 703-993-8870 or