Technology Security

Phish Information

These listed below are currently ACTIVE on GCSU campus:

Subject: Payment (as of December 7th, 2018)

Latest PayPal phish is coming in from with a subject line of: Payment. The image in the email are actual images to PayPal and some of the links actually go to the real PayPal site. However, the link where it says "Download transactions details file" and the link in the transaction numbers all take you to a hacked phishing site. Please delete the message.


USG Cybersecurity received multiple reports of a suspicious email message sent to USG employees. This message has the subject line, ā€œ[[[IMPORTANT MESSAGE FROM DEPARTMENT OF EDUCATION!!!]]]ā€ and may appear to be from someone you know. The body of the message contains the following text. These email messages are not legitimate. Please do not open any attachments or click on any embedded link. They could be used to compromise your account credentials and allow intruders access to confidential information. If you receive a message having these characteristics, please delete the message.
If you have additional questions or concerns, please contact the USG Enterprise Service Desk at 706-583-2001, or by email at

Alisson L. Guth has shared OneDrive files with you. Click review below to view file.

Review File

Best Regards

Alisson Louise Guth
Department of Education
400 Maryland Avenue, SW
Washington, D.C. 20202"

SPOOF EMAILS being circulated (current and active since July 2018)

For the last few months hackers have been circulating emails that spoof (imitate) someone on campus. Most often the person being imitated is a department lead. Most (not all) are coming in as "Firstname Lastname ". The names are accurate but of course is not a GCSU email domain.

These emails are fraudulent. Please do not respond to them. Most come in with a subject line similar to "Follow Up" and the content of the email is something as simple as "Are you available?". The hacker is working towards credit card theft/fraud.

From: Dr. Desha Williams
Sent: Monday, December 3, 2018 4:38 PM
Subject: Re: Hello

I'm in a meeting right now and that's why Iā€™m contacting you through here. I should have called you but phone is not allowed to be used during the meeting. I don't know when the meeting will be rounding off and I want you to help me out on something very important right away.



Recent Phish (but not known to be active at this time):

PHISH/VIRUS: Notification - Review New Doc (Late October 2018)

A few people are getting email notices that appear to be OneDrive documents to be reviewed and approved. If you do not know the sender, please do not click on the documents. Also, if/when you receive these emails, please send them to Serve as well as the ISO ( and Thanks.

From: Tomas Rehak
Date: October 30, 2018 at 8:29:55 AM EDT
To: ""
Subject: Notification - Review New Doc

You have received a new document on OneDrive and it is said to be important

Your document is ready!


Virus Information

General Information