Two phishing efforts attempt to steal sensitive information

Two phishing attempts occurred earlier this week in an effort to obtain sensitive information from Mason students, faculty, and staff.

Phishing is an effort by hackers, imitating legitimate companies or organizations, to obtain private information.

According to an email sent to Mason employees, an employee with sensitive information received a phone call from someone claiming to be Microsoft last week. The caller attempted to retrieve the employee’s account information and IP address.

“This appears to be a targeted attack that could potentially compromise users’ computers, as well as their access to Mason’s network and systems,” reads the email sent by the Patriot Project Team.

According to Curtis McNay, director of Mason’s IT Security office, it is difficult to know how many people got the exact same caller, if they did.

The second phishing attempt was in the form of an email sent to approximately 2800 people on Friday November 7th and Monday, November 10th. The emails asked account holders to put in their Patriot Pass information.

“I got two [phishing] emails the morning of November 10th and they looked legit,” said Ryan Thornton, a junior government and international politics major. “I had just woken up so I clicked on the link [in both emails] and it asked me to sign in with my PatriotPass information”

Thornton did enter his information and was redirected to the Mason homepage when he simply thought it was an error and thought nothing of it. IT contacted Thornton on Tuesday, November 11th informing him that the email was a phishing attempt and asked him to change his password immediately. Thornton says that he really does not know what a phishing attempt looks like, which led to him clicking on the links.

McNay says that the emails they sent out only went to people who were affected by the attempts so they did not “spam” the entire Mason community. With both attempts, McNay assures that information was not compromised and that phishing attempts occur frequently.

On the date of publication, Thornton has yet to hear back from IT security after changing his password.

Featured imaged by Avery Powell