University-Wide Phishing Email Notice
From our colleagues at ITS:
Cybercriminals are actively attempting to access your Mason payroll account through phishing emails. Recently, they succeeded in gaining access to several Mason employees’ direct deposit information and stole pay from the employees, working around the protections in place.
Mason will NEVER email you to request your NetID, password, or Duo (2FA) Passcode.
When you receive an email from an unknown sender or an email you are not expecting, especially if the sender is requesting information, you should:
- Examine the sender’s email address. An email from a Mason employee or Mason office should have a gmu.edu email address.
- Examine links to determine whether they are Mason sites. The link should be one you are familiar with, or one you are expecting. If not, do not visit the site. When in doubt, manually enter the URL of the site you want to visit instead of clicking on a hyperlink.
- Never respond to an unanticipated Duo push or provide a Duo passcode to someone on your behalf. Providing this information gives cybercriminals access to your accounts.
- Contact the ITS Support Center if you think you have received a malicious email. They can help you determine whether an email is legitimate.
- Change your password immediately (password.gmu.edu) if you replied to a link in a phishing email with your username and password. After you change your password, contact the ITS Support Center at 703-993-8870.
If you have questions about an email or need assistance determining whether an email is fraudulent, please contact the ITS Support Center at 703-993-8870 or email@example.com.