May 15, 2019
GW Information Technology has received reports of both email impersonation and phone scams.
There have been reports of members of the GW community receiving email messages impersonating senior staff members, professors, and deans. The messages often come from email addresses resembling GW addresses such as [email protected]
or a variation of it. In some cases, the addresses are spoofed and are indistinguishable from legitimate GW addresses. In all cases, the sender sends one sentence that asks if the recipient is available for a favor or assistance.
If the recipient replies, the sender requests that the recipient purchase gift cards and transmit the numbers or asks for wire transfers or other unusual requests designed to commit financial fraud. The sender often claims that they cannot do it themselves because they are in a meeting and that it is an emergency request.
Impersonation email example:
If you receive an email from an address that you think is impersonating a GW staff member, do not respond and report the incident to [email protected].
There have also been reports of incoming phone calls where the callers are specifically asking for information about students, staff, and faculty, past and present. The callers always give the person's first and last name, and sometimes the department and title. They often ask if they are contacting George Washington University and what office are they contacting. Many say that they are trying to reach someone and that they were directed to contact that particular office to obtain their information. GW faculty and staff should ignore such requests for information gathering and report any suspicious phone calls to [email protected]
Be wary of messages requesting account verification, confirmation or upgrade, payment or personal information such as your passwords, GWID, Social Security number or credit card information. The university is frequently targeted by malicious actors who will attempt to acquire personal information about you and other members of the university community through email and over the phone. Please be aware that these attempts often seem legitimate. Ask questions, trust your instincts, and if things seem off don’t be afraid to take a message and follow-up later. Attackers will frequently use a sense of urgency to elicit the victim into making a risky decision.
If you receive any phishing attempts in the future, do not reply to it, open any attachments or click on any links. Please forward the email to [email protected]