Phishing is a scam that uses targeted email or pop-up messages to deceive consumers into disclosing personal information including credit card or bank account info, Social Security numbers and passwords.

Phishers send messages using a sense of urgency and claiming to be from a business or organization that you may be involved with at work or school. These campaigns can send emails from your account to all of your contacts. Additionally, email addresses, logos and login pages can all be spoofed to appear legitimate. Phishing attempts will often impersonate various types of Towson University communications. Don’t take the bait. 


Follow these steps:

  • Ignore the request for action. Do not respond, click on any links or open any attached files. NEVER reply with your NetID/password.
  • Forward the email to .
  • Delete the email.

If you are concerned that your information or device may have been compromised, contact OTS at 410-704-5151 or submit a TechHelp service request.

Protecting The Campus

As one of many layers of cyberprotection, the Office of Technology Services has enabled phishing detection on TU email accounts. If you have concerns about links in an email, forward it to . You are still the University's best line of defense -think before you click!

HOW to recognize Phishing

These characteristics should be considered signs of a phishing message:

  • Urgent Requests. Be suspicious of any email with urgent requests for personal or financial information. This includes a request for immediate action or there will be a devastating consequence (threat). A phone call to the OTS at 410-704-5151 will clear up any question about account status.
  • Request for username and passwords-especially for NetIDs. No one at TU will send an email asking for your username and password.
  • References to the IT department or IT service. The technology office at Towson University never refers to itself in writing as “IT” – always look for The Office of Technology Services (OTS) in communications.
  • Vague subject lines. OTS will provide descriptive subject text, and when possible, include a phishing disclaimer at the end of the email.
  • Obvious spelling mistakes and bad grammar. Emails sent from TU departments and offices are almost always reviewed and spell-checked prior to distribution.
  • Unfamiliar links in the body of the email. Don’t click – hover to check the actual web address.
  • Attachments that are “.exe” or “.zip” files. Opening these can launch and spread malicious software.
  • Unknown sender, or an email from an unsolicited source. If it is not from an address, be sure you are familiar with sender.
  • A request for financial or employee/student info. Pick up the phone and ask the sender if they really need the info they’re requesting.
  • Unfamiliar URLs. Protect yourself and the campus by avoiding fake logins. Look for these three items before entering your NetID username and password: 
  1. A padlock: Confirm this icon appears in the URL bar.
  2. “s” after http. Make sure the URL starts with: https://, not http://.
  3. edu. Ensure you’re logging into a legit TU service when you see this written out before the third forward slash mark. It might be followed by other characters, and that’s ok. An example is the MyTU login page,, where the URL is spelled out as

To learn more, read Microsoft's article: “How to recognize Phishing Email Messages.”  

The start of school, during long holiday breaks and tax season are prime time for phishing scams and the University community must be extra diligent during these times. Students especially, should carefully review urgent emails from Google requesting account information. ”

TU's Office of Information Security

The TU Phish Tank

These are actual phishing emails received by . The each email is in PDF form and is listed by subject line. Click to view the example:

Adobe Reader Download button