Don’t buy into gift card requests or other email scams using names of WVU employees
Information Technology Services reminds you to be wary of suspicious-looking emails that may appear to come from a WVU official or employee seeking a favor. These are scams aimed at stealing money, gift cards or sensitive information.
Unlike generic phishing emails, these so-called spear phishing emails are harder to detect because they include details that are specific to you or your role on campus. They may seem like genuine requests, but there are usually clues they aren’t:
Spear phishing emails often:
- Have a fake email address or link that is cleverly disguised to appear to be from an official WVU source (i.e. email@example.com or www.login.wvu.edu0.in). Slow down, check the return address and hover over embedded links to see where the information is really going.
- Contain a threat or warning of severe consequence if you do not act immediately with subject lines like “Very Urgent” or even “Help.” But sometimes, they just say “Hello.”
- Request immediate payment through wire transfer, Western Union, money order, gift cards, bitcoin or reloadable debit card.
- Have poorly formatted text, questionable grammar or use strange phrases. No one who works at WVU would call us The University of West Virginia, for example, or refer to you as “User” instead of your name.
When in doubt, contact the person directly to confirm the request is legitimate and forward the email as an attachment to ITS at firstname.lastname@example.org for analysis.
Defend Your Data: Don’t fall for a COVID 19 scams
Criminals posing as legitimate medical or health organizations are attempting to scam unsuspecting victims during this time of uncertainty. Many federal agencies including the FBI, Secret Service, Federal Trade Commission, and Food & Drug Administration have recently issued warnings to be aware of scams associated with COVID 19.
As always, proceed with caution. Be skeptical of emails you receive from an unknown sender and follow these tips to defend your data:
- Don’t open attachments claiming to contain pertinent information about how to protect yourself from the disease.
- Never click links and enter your email password to read more.
- Be wary of emails claiming to be from the Centers for Disease Control and Prevention (CDC) or “experts” claiming to have important information. At WVU, coronavirus.wvu.edu is your official source of information.
- Disregard fake charities claiming to be collecting money for medical supplies. If someone is pressuring you to send cash or gift cards immediately, don’t do it.
- Avoid purchasing products claiming to be virus treatments from these seven companies the Federal Trade Commission has identified.
- Be cautious when purchasing personal protective equipment such as N95 respirator masks, gowns or COVID-19 testing kits. Check the CDC website to make sure the item is NIOSH-approved. Especially avoid unprompted solicitations to purchase large quantities of these products.
- Ignore online offers for vaccinations. There are currently no vaccines or treatments.
- Avoid promotions to invest in products or services that can detect, prevent or cure the virus.
If you think you may have fallen for a scam and given your personal information, please change your password immediately at login.wvu.edu and set up multi-factor authentication on all important accounts, like banking and email.
For more information about how to avoid scams and defend your data, visit https://it.wvu.edu/security/defend-your-data/spam-and-phishing. Forward all suspicious email to ITS as an attachment to email@example.com