IT Security Office | Cybersecurity Strategy | IT Security Standards | Security Best Practices | System Admin Resources | Highly Sensitive Data | CSIRT | SALT |

IMPORTANT

Never give out your Patriot Pass Password or other personal information via email. George Mason will never ask for personal information via email, phone/text, or online form. If you receive a suspicious email, delete it. If you aren’t sure, contact ITS Support at 703-993-8870 or https://its.gmu.edu/chat/ so it can be assessed.

Overview

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by pretending to be a trustworthy entity in an electronic communication. Phishing attacks are on the rise—don’t fall for their bait!

If you suspect you have received a phishing email, please report the suspected email by forwarding it as an attachment to [email protected].

If you have questions about the suspected phishing email, contact ITS Support at 703-993-8870 or use Live Chat at https://its.gmu.edu/chat/.

Remember:George Mason University will never ask for your personal information via email nor will there be a request for a Duo Two-Factor Authentication (2FA) code. Articles about phishing are available in the ITS knowledge base.

Tips to Avoid Being Caught

Recognize generic communication

General greetings such as ‘Dear User,” “Dear Gmu Student/Faculty,’ or ‘Email user’ are for mass mailings. Those greetings are not signs of a personal or business relationship and ought to signal caution, so be suspicious of the vague salutation.

Be wary of requests for confidential information

Do not share passwords, Two-Factor Authentication codes, or account details.

Question ‘scare tactic’ messages

Threats about account closures, account sizes exceeding limits, and loss of access are fraudulent warnings.

Avoid clicking active links without verifying

Links in fraudulent emails can hide actual addresses. Some links will download spyware or malware. Do not click on links or attachments in suspicious emails. When in doubt, trust your instinct, and use a reliable source to find the contact number, such as your membership card or the company’s official website, to call the company on the phone and verify.

Keep software up-to-date and perform regular scans

Software updates often contain patches that will block malicious programs. Antivirus, spyware, firewall, and antispam help protect against threats.

Delete emails from unknown addresses

When in doubt about the legitimacy of a request,do not respond or submit information to the email or the textf. If available, use a reliable source to find the contact number such as your membership card or the company’s official website, to ollow up by using one of two safety protocols: log onto the website directly by typing the main address in your browser or call the company on the phone and verify.

If you do fall victim to a phishing scam

Reset related password(s) immediately including a secondary or recovery email accounts. If you suspect that your George Mason account has been compromised, contact ITS Support at 703-993-8870 or use Live Chat so ITS can assist.