Phishing Overview

Phishing is a cyberattack executed by a hacker by posing as a legitimate source like a person or department at Georgia Tech. A phishing campaign is often launched through bulk emails. It attempts to trick you into sharing your sensitive information such as your username, password, financial or personal information so the cybercriminal can gain unauthorized access and steal your money or identity. Unfortunately, many students and employees of Georgia Tech have fallen victims to such malicious attacks and had their accounts compromised, and sometimes paychecks stolen in the past few years. It is very important to know what a phishing email looks like, so you can identify it, report it promptly and protect yourself from getting phished.

Common signs of a Phishing Email and Safety Tips

  • Duo codes are strictly confidential: Never share a Duo code with anybody, including via phone, email, text, or chat. Never use a Duo code provided to you by another person. Georgia Tech IT team will never ask you for your Duo code.
  • Unknown/unauthorized Duo Push requests: Deny any Duo Push that you did not initiate, including tapping “I’m not logging in” and “Yes” for suspicious login. Then, follow the Phishing Recovery process. Approve Duo Push only if you initiated it. Use only the code displayed on your login screen. Never enter a code from a text or a phone call. 
  • Non-Georgia Tech 2FA page asking for Duo codes: Legitimate Georgia-Tech 2FA page will have Georgia Tech logo. Never enter the Duo code on any Non-Georgia Tech 2FA page.
  • Impersonation: Using a display name or email address that mimics a legitimate entity (e.g. Office of Financial Aid) to steal sensitive data. Be cautious of any unsolicited emails. External sender notices in Microsoft 365 Outlook are a visual indicator that an email has been received from outside Georgia Tech. It helps you to spot potential phishing or spam messages and acts as a reminder to be cautious with links, attachments, or requests that are contained in the email. Use the first contact safety tip feature in Microsoft 365 Outlook to identify email addresses that may be attempting to impersonate another person.  
  • Urgent call to action or threats: Phrases like “act immediately,” “urgent action required,” or threats of account suspension. Be skeptical of any unsolicited emails, especially those creating a sense of urgency.
  • Request for sensitive information: Asking for GT login credentials, passwords, bank account details or other personal information. Georgia Tech will never ask you for your password or other sensitive information. So never share your password or other sensitive information with anyone.
  • Unexpected attachments: Especially from unknown senders or with unusual file names. Such attachments that may contain malware. Don’t click or open attachments from unknown or suspicious senders. 
  • Suspicious links to non-Georgia Tech websites asking for GT credentials: Phishing emails often contain links that lead to fake login pages designed to steal your GT credentials. Legitimate Georgia Tech login pages are always on a *.gatech.edu domain and the login page URL begins with https://sso.gatech.edu/. Always hover your mouse over a link to see if the URL matches a legitimate Georgia Tech domain (*.gatech.edu). If it doesn’t match or looks suspicious, don’t click it, don’t fill in any information, and report the fake site to soc@gatech.edu
  • For additional guidance, see How can I identify a phishing email?

Recent Phishing Email Subjects identified in Cyberattacks at Georgia Tech [see GT Phishbowl]

  • School Job
  • Flexible Remote Opportunity – Earn Up to $450/Week
  • TERMINATE OFFICE 365 ACCOUNT
  • Exciting Part-Time Administrative Assistant Opportunity!
  • PART – TIME JOB OPPORTUNITY!
  • Update! Update!! Update!!!
  • Urgent – Sexual Misconduct Report Pertaining to Your Class

Recent Phishing Email Examples at Georgia Tech

Phishing Email
Phishing Email
Phishing Email

Report Phishing: What to do if you receive a phishing email?

If you receive an email that looks suspicious, here’s what you should and shouldn’t do.

  • Don’t reply to the sender.
  • Don’t forward the email to others.
  • Don’t click or visit any links within the email.
  • Don’t click or open any attachments within the email.
  • Don’t enter any sensitive information.
  • Use the “Report Phishing” option in Microsoft 365 Outlook.
  • Forward the email as an attachment to phishing@gatech.edu. This allows the Georgia Tech Cyber Security team to investigate.
  • Delete the email.
  • When in doubt, always err on the side of caution and report it.
  • If you inadvertently clicked a link in the phishing email and entered your GT Account and password, follow the steps in Phishing Recovery immediately.

Need More Info?

To stay informed on the phishing scams happening at Georgia Tech, see GT PhishbowlGT Cybersecurity, Cybersecurity Awareness and Recent Phishing Scheme at Georgia Tech | News Center.