Information Technology Services

Phishing

IMPORTANT

Never give out your NetID and Patriot Pass Password, Two-Factor Authentication (2FA) codes, or any sensitive information in an email, over the phone, or in an unsolicited online form.  

If you receive a suspicious email, report it. If you aren’t sure, contact ITS Support at 703-993-8870 or Live Chat so it can be assessed.

Overview

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by pretending to be a trustworthy entity in electronic communication. Phishing attacks are on the rise—don’t fall for their bait. Suspicious emails should be reported using the Microsoft Report Button. Instructions on reporting emails as phishing can be found at Reporting a Phishing Email in Outlook.

Articles about phishing are available in the ITS knowledge base.

If you have questions about the suspected phishing email, contact ITS Support at 703-993-8870 or Live Chat.

Tips to Avoid Being Caught

Recognize generic communication

General greetings such as ‘Dear User,” “Dear Gmu Student/Faculty,’ or ‘Email user’ are for mass mailings. Those greetings are not signs of a personal or business relationship and ought to signal caution, so be suspicious of the vague salutation.

Be wary of requests for confidential information

Do not share passwords, Two-Factor Authentication codes, or account details.

Question ‘scare tactic’ messages

Threats of account closures, account sizes exceeding limits, or loss of access are fraudulent.

Avoid clicking active links without verifying

Links in fraudulent emails can hide actual addresses. Some links will download spyware or malware. Do not click on links or attachments in suspicious emails. When in doubt, trust your instinct, and use a reliable source to find the contact number, such as your membership card or the company’s official website, to call the company on the phone and verify.

Keep software up-to-date and perform regular scans

Software updates often contain patches that will block malicious programs. Antivirus, spyware, firewall, and antispam help protect against threats.

Delete emails from unknown addresses

When in doubt about the legitimacy of a request, do not respond or submit information to the email or the text. If available, use a reliable source to find the contact number, such as your membership card or the company’s official website, to follow up by using one of two safety protocols: log onto the website directly by typing the main address in your browser, or call the company on the phone and verify.

If you do fall victim to a phishing scam

Reset related password(s) immediately, including a secondary or recovery email account. If you suspect that your George Mason account has been compromised, contact ITS Support at 703-993-8870 or use Live Chat to request assistance.