W&M student email accounts have been targeted in recent phishing attacks.
There have been a high number of phishing emails targeting W&M students recently. Emails sent to WMApps email accounts (@email.wm.edu) have told students to take action to reset or validate their accounts, and directed them to another site to enter their login credentials and password. The phishing emails made many different claims, including that students had met storage capacity, were experiencing unusual activity, or were in danger of having their accounts shut down. A number of students responded to the attack, prompting more phishing messages to be sent.
If you believe you may have answered the phishing message, please reset your password immediately!
Here are some ways to avoid phishing attacks:
- Be wary of the content of emails. Look out for spelling and grammar mistakes, and emails sent during weekends and holidays, when phishers know IT offices are closed.
- Know where the message is coming from. Click the "from" address to see if the sender has a W&M account. Do not just trust the address line. If you are directed to a login page, make sure it is a W&M page.
- Do not respond to emails asking for your password or blindly log into new pages. W&M IT only asks for your password for major, predictable updates, including your annual password change, authentication and phone location verification.
- If you are in doubt, forward the email in question to firstname.lastname@example.org. If you believe you have received a phishing message, please follow these steps:
- Sign in to WMApps account
- Open the phishing message
- Click the down arrow in the top right of message, next to the Reply button
- Select "Report Phishing"