Phishing

Phishing is a scam that uses targeted email or pop-up messages to deceive consumers into disclosing personal information including credit card or bank account info, Social Security numbers and passwords.

Phishers send messages using a sense of urgency and claiming to be from a business or organization that you may be involved with at work or school. These campaigns can send emails from your account to all of your contacts. Additionally, email addresses, logos and login pages can all be spoofed to appear legitimate. Phishing attempts will often impersonate Towson University communications. Don’t take the bait. 

THINK YOU HAVE RECEIVED A PHISHING EMAIL?

Follow these steps:

  • Ignore the request for action. Do not respond, click on any links or open any attached files. NEVER reply with your NetID/password.
  • Forward the email to .
  • Delete the email.

If you are concerned that your information or device may have been compromised, contact the OTS Help Center at 410-704-5151 or submit a TechHelp service request.

Protecting The Campus

As one of many layers of cyberprotection, the Office of Technology Services has enabled phishing detection on TU email accounts. If you have concerns about links in an email, forward it to . You are still the University's best line of defense -think before you click!

HOW to recognize Phishing

These characteristics should be considered signs of a phishing message:

  • Urgent Requests. Be suspicious of any email with urgent requests for personal or financial information. This includes a request for immediate action or there will be a devastating consequence (threat). A phone call to the OTS Help Center at 410-704-5151 will clear up any question about account status.
  • Request for username and passwords-especially for NetIDs. No one at TU will send an email asking for your username and password.
  • References to the IT department or IT service. The technology office at Towson University never refers to itself in writing as “IT” – always look for The Office of Technology Services (OTS) in communications.
  • Vague subject lines. OTS will provide descriptive subject text, and when possible, include a phishing disclaimer at the end of the email.
  • Obvious spelling mistakes and bad grammar. Emails sent from TU departments and offices are almost always reviewed and spell-checked prior to distribution.
  • Unfamiliar links in the body of the email. Don’t click – hover to check the actual web address.
  • Attachments that are “.exe” or “.zip” files. Opening these can launch and spread malicious software.
  • Unknown sender, or an email from an unsolicited source. If it is not from an @towson.edu address, be sure you are familiar with sender.

To learn more, read Microsoft's article: “How to recognize Phishing Email Messages.”  

The start of school, during long holiday breaks and tax season are prime time for phishing scams and the University community must be extra diligent during these times. Students especially, should carefully review urgent emails from Google requesting account information. ”

TU's Office of Information Security

The TU Phish Tank

These are actual phishing emails received by . The each email is in PDF form and is listed by subject line. Click to view the example:

Adobe Reader Download button