Oh no! A phish!

Phishers are out there, and they want your password.  Every day, their tatics can become more and more deceptive. 

Past phishing emails sent to WMApps email accounts (@email.wm.edu) have told students to take action to reset or validate their accounts and directed them to another site to enter their login credentials and password.  They have made many different claims, including that students have met storage capacity, were experiencing unusual activity, or were in danger of having their accounts shut down. When students respond to an attack, even more phishing messages are sent.

If you believe you may have responded to a phishing message, please reset your password immediately!

Here are some ways to avoid phishing attacks on your WMApps account:

  • Be wary of the content of emails. Look out for spelling and grammar mistakes, and emails sent during weekends and holidays, when phishers know IT offices are closed.
  • Check where the message is coming from. Click the "from" address to see if the sender has a W&M account. Do not just trust the address line. If you are directed to a login page, make sure it is a W&M page.
  • Do not respond to emails asking for your password or blindly login to new pages. W&M IT only requires you to login for major, predictable events, including your annual password change and during the annual authentication period.
  • If you are in doubt, forward the email in question to [[support]]. If you believe you have received a phishing message, please follow these steps:
    1. Sign in to WMApps account
    2. Open the phishing message
    3. Click the down arrow in the top right of message, next to the Reply button
    4. Select "Report Phishing"

For more information on phishing and more tips to identify it, read here.