Information Technology Services reminds all employees and students to know the signs of a phishing email to avoid falling for scams aimed at stealing your login credentials.
Recent attacks are targeting popular cloud applications like SharePoint and DocuSign, asking users to sign fake documents related to COVID-19. Read all information related to WVU’s COVID response.
Keep these tips in mind:
• Never click on any links or reply to a suspicious email. Call the person who appears to have sent the request by using their number in directory.wvu.edu, message them on Microsoft Teams or use a trusted email address that you know works.
• Avoid short or generic subject lines. Be suspicious of emails with subject lines like “Are you available?” “Are you free?” “Request,” “Hello,” or have a blank subject line.
• Ignore urgent or threatening messages. If an email asks you to make a payment using an unsecure method such as a wire transfer, money order or Bitcoin, or it wants you to purchase a gift card, don’t do it.
• Be suspicious if the “To” line doesn’t use your name. Hover over the reply email link to see where it really leads. Pay attention to whether it’s formatted the way you’d expect for a WVU address or website. If you’re using a mobile device, you can press and hold links to see that information. Never click until you know the link is safe.
• Avoid emails with invitations to join a service you already use. You already have a Zoom and Teams account and do not need to claim or reclaim these accounts.
Forward suspicious emails as an attachment to DefendYourData@mail.wvu.edu. Employees can also use the Report Message button in Office 365 to send it to ITS for review.