Avoid phishing attacks - know how to spot an email scam

From: Division of Information Technology

Phishing attempts targeting university students and employees are common. These emails attempt to get you to share personal information such as passwords, bank accounts, and information that can be used for nefarious purposes. 

Recent phishing attacks circulating at Virginia Tech

Account Termination Scams

Some users have received emails with the subject line “URGENT VT ALERT" (or similar), which appear to come from Virginia Tech accounts. These phishing scams claim that your VT EDU account is on the verge of being terminated and urges you to click a link to halt this process. Remember, Virginia Tech will not handle account issues through such emails.

Fraudulent Job Offers

Another scam involves emails, also from what appear to be Virginia Tech accounts, offering lucrative, work-from-home jobs requiring minimal hours. These emails may ask you to click a link to apply, or to respond with personal information. Various versions of this email scam have circulated over the past few years. 

The IT Security Office has determined that some of these phishing emails are coming from compromised Virginia Tech email accounts.

Know the telltale signs of phishing scams

The best way to avoid getting phished is to know what signs to look out for. These are some common traits of phishing attempts:

• The sender does not match the source of the email (e.g., the email claims to be from Virginia Tech, but does not come from "@vt.edu")
• Links look suspicious and/or do not match the actual URL destination
• It requests personal information such as usernames and passwords (Virginia Tech will never ask you to share your username or password via email.)
• The message contains unprompted requests to change or update passwords
• The message uses unusually formal language or odd grammar
• The message uses scare tactics or creates a sense of urgency to provide information 
• There are unexpected attachments
• Something just seems off about the message (i.e., trust your gut)

What to do if you receive a suspicious email:

• Do not reply.
• Do not click any links or open attachments
• Self-report the phish through your email client (i.e., Gmail or Outlook).

Remember, never share your VT username and password with anyone. Virginia Tech will never ask for your username and password through an email— if you receive such a request, it is fake.

If you suspect that your account has been compromised or experience any suspicious activity, such as a 2-factor authentication request that you did not initiate, please report the incident immediately.

We encourage the university community to review the following resources to help protect against phishing attacks: 

• How to protect against phishing attacks from the 4Help Knowledge Base.
• How to detect phishing and “spear phishing” from the Division of IT.
• General Cybersecurity Awareness resources from the Division of IT.