Skip to main content

Spam and Phishing


What to do about spam and email phishing scams

What is phishing? It's an email that may appear legitimate but is really aimed at stealing your personal credentials. Few things are as annoying as spam, and few things have more potential for data loss and/or identity theft than a phishing attack. 

WVU receives on average approximately 10 million emails each day. More than 90 percent of incoming emails are filtered out, but no filter is perfect. Some spam and phishing attempts WILL reach your inbox. So what do you do when that happens?

  • Never reply to a suspicious email.
  • Never click on “unsubscribe.” (They lie.)
  • Never send your username or passwords in reply to any email.


  1. Add the message to the “junk" or "spam” folder of your email to block the sender.
  2. Forward the message as an attachment to for processing, per these instructions.
  3. Delete it and move on.

If you forward the message to, Information Security Services will:

  • Analyze each email to determine legitimacy and assess the potential security threat.
  • Respond to the user regarding the level of hoax, threat or concern, and advise the user on how to use spam/junk/block filters in email to prevent similar messages from the same source and/or domain.
  • Determine the need and communicate as necessary an alert to the University community to any threats.
  • Evaluate whether and how to restrict the sender.
  • Evaluate whether to contact third parties about the spam or phishing.

Don’t take the bait. Be skeptical!

Follow these tips to avoid being scammed:

  • If you receive email from someone you don't know, delete it. If it really is someone you know, they will try again.
  • If you receive email with an offer that seems too good to be true, it probably is. Don’t fall for it.
  • NEVER respond to an email that asks for your username, password or account number. Identity thieves send official-looking email that appears to come from your bank or credit card company, complete with corporate logos. They collect your personal information so they can steal from your accounts.