WHAT’S HAPPENING?
An active phishing campaign is occurring to Georgia Tech email addresses.

WHEN IS IT HAPPENING? 
The first reported email happened around 2:30pm, 3/4/25, and is ongoing.

WHY IS IT HAPPENING? 
To steal your account information and gain access to your account.

WHO IS AFFECTED?
Hackers are creating fake DropBox accounts that resemble Georgia Tech email addresses. The attacker appears to have previously phished other users and has obtained their contacts. They are using this contact list to target users, sharing a file with them via DropBox. When users select the file in Dropbox, they are queried for their email and password. All users should be diligent about any email originating from DropBox.

WHAT DO YOU NEED TO DO?  
If you did not click the link in the email, the email can be safely marked as phishing and deleted. 

If you do click on the email link, you will be taken to Dropbox. Clicking on the file itself will ask for credentials or could autofill. If it asks, then do not enter them. If it auto-fills and opens then closes, you should immediately change your password, check payroll information in USG Connect, and contact TSO so a malware scan can be performed.

If you ever receive an unexpected email with a shared file, always contact the sender to ensure it is legitimate. Verify the email address of the Dropbox account is the address on the email received. Be careful of characters being manipulated, such as the number 1 for a lowercase L. Look for normal phishing signs in the email address and the account email that is sending the file.

WHO SHOULD YOU CONTACT FOR QUESTIONS?
Feel free to contact the TSO Help Desk (CCB 225D, 404.894.7065, helpdesk@cc.gatech.edu).