Don’t take the bait. Be skeptical!
Phishing is an email that may appear legitimate but is really aimed at stealing your personal credentials. WVU receives on average approximately 10 million spam and phishing emails each day. More than 90% of those emails are filtered out, but no filter is perfect. Some spam and phishing attempts WILL reach your inbox. So, what do you do when you receive a suspicious email?
- Be skeptical. Phishing emails often have official-looking graphics and may even list real company employee names but will also have poorly formatted text and questionable grammar.
- NEVER click on links within an email or open an attachment from an unknown sender. Attachments could contain malicious software. Offers that seem too good to be true probably are.
- NEVER provide your WVU Login username or password in reply to any email. If you do provide your credentials to a phishing email, go to login.wvu.edu and change your password immediately.
- NEVER respond to an email requesting your username, password or account numbers, even if it appears to come from your bank or credit card company. No legitimate organization will ever ask for your confidential account information over email.
- NEVER reply to a suspicious email or click on unsubscribe. Instead, add the message to the Junk or Spam folder of your email to block the sender.
- Forward the message as an attachment to email@example.com for processing, per these instructions.
- Delete it and move on. If it really is someone you know, they will try to email you again, or they’ll call you.
We will analyze messages to determine legitimacy and to assess the potential security threat. ITS will respond to individual users regarding the level of the hoax, threat or concern, and advise how to use spam/junk/block filters in email to prevent similar messages from the same source and/or domain. If necessary, alerts will be communicated to the University community. ITS will restrict the sender and contact third-parties about spam/phishing depending on the circumstance.