Information Technology Services

Phishing

IMPORTANT

Never give out your Patriot Pass Password or other personal information via email. George Mason will never ask for personal information via email, phone/text, or online form. If you receive a suspicious email, delete it. If you aren’t sure, contact ITS Support at 703-993-8870 or https://its.gmu.edu/chat/ so it can be assessed.

Overview

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by pretending to be a trustworthy entity in an electronic communication. Phishing attacks are on the rise—don’t fall for their bait!

If you suspect you have received a phishing email, please report the suspected email by forwarding it as an attachment to [email protected].

If you have questions about the suspected phishing email, contact ITS Support at 703-993-8870 or use Live Chat at https://its.gmu.edu/chat/.

Remember: George Mason University will never ask for your personal information via email, nor will there be a request for a Duo Two-Factor Authentication (2FA) code. Articles about phishing are available in the ITS knowledge base.

Tips to Avoid Being Caught

Recognize generic communication

General greetings such as ‘Dear User,” “Dear Gmu Student/Faculty,’ or ‘Email user’ are for mass mailings. Those greetings are not signs of a personal or business relationship and ought to signal caution, so be suspicious of the vague salutation.

Be wary of requests for confidential information

Do not share passwords, Two-Factor Authentication codes, or account details.

Question ‘scare tactic’ messages

Threats of account closures, account sizes exceeding limits, or loss of access are fraudulent.

Avoid clicking active links without verifying

Links in fraudulent emails can hide actual addresses. Some links will download spyware or malware. Do not click on links or attachments in suspicious emails. When in doubt, trust your instinct, and use a reliable source to find the contact number, such as your membership card or the company’s official website, to call the company on the phone and verify.

Keep software up-to-date and perform regular scans

Software updates often contain patches that will block malicious programs. Antivirus, spyware, firewall, and antispam help protect against threats.

Delete emails from unknown addresses

When in doubt about the legitimacy of a request, do not respond or submit information to the email or the text. If available, use a reliable source to find the contact number, such as your membership card or the company’s official website, to follow up by using one of two safety protocols: log onto the website directly by typing the main address in your browser, or call the company on the phone and verify.

If you do fall victim to a phishing scam

Reset related password(s) immediately, including a secondary or recovery email account. If you suspect that your George Mason account has been compromised, contact ITS Support at 703-993-8870 or use Live Chat to request assistance.