Don’t take the bait. Be skeptical!
Phishing is an email that may appear legitimate but is really aimed at stealing your personal credentials. Few things are as annoying as spam, and few things have more potential for data loss and/or identity theft than a phishing attack.
WVU receives on average approximately 10 million spam and phishing emails each day. More than 90 percent of those emails are filtered out, but no filter is perfect. Some spam and phishing attempts WILL reach your inbox . So, what do you do when you receive a suspicious email?
- Slow down and be skeptical of suspicious-looking email. Phishing emails generally have official-looking graphics and may even list real company employee names but will also have poorly formatted text and questionable grammar.
- NEVER click on links within an email or open an attachment from an unknown sender. Attachments could contain malware. Offers that seem too good to be true probably are. Don't fall for it.
- NEVER provide your WVU Login username or password in reply to any email. If you do provide your credentials to a phishing email, go to login.wvu.edu and change your password immediately.
- NEVER respond to an email requesting your personal username, password or account numbers, even those that appear to come from your bank or credit card company. Identity thieves send these official-looking emails attempting to collect your personal information so they can steal from your accounts.
- NEVER reply to a suspicious email or click on unsubscribe. Instead, add the message to the Junk or Spam folder of your email to block the sender.
- Forward the message as an attachment to firstname.lastname@example.org for processing, per these instructions.
- Delete it and move on. If it really is someone you know, they will try to email you again.
All messages forwarded to email@example.com will be analyzed by Information Technology Services to determine legitimacy and to assess the potential security threat. ITS will respond to the individual user regarding the level of the hoax, threat or concern, and advise how to use spam/junk/block filters in email to prevent similar messages from the same source and/or domain. If necessary, alerts will be communicated to the University community. ITS will restrict the sender and contact third-parties about spam/phishing depending on the circumstance.
Forward as an Attachment
All suspicious emails should be forwarded as an attachment (not just forwarded) to firstname.lastname@example.org. Forwarding as an attachment allows ITS to view important header and routing information for the suspicious email.
How to forward an email as an attachment
Phishing Attempts at WVU
See examples of recent phishing attacks made on WVU user accounts and learn know how to identify and avoid future attacks.