Oh no! A phish!

Phishers are out there and they want your password.  Their tatics become more and more deceptive every day. 

Past phishing emails sent to WMApps email accounts (@email.wm.edu) have told students to take action to reset or validate their accounts, and directed them to another site to enter their login credentials and password.  They have made many different claims, including that students have met storage capacity, were experiencing unusual activity, or were in danger of having their accounts shut down. When students respond to an attack, even more phishing messages are sent.

If you believe you may have responded to a phishing message, please reset your password immediately!

Here are some ways to avoid phishing attacks:

  • Be wary of the content of emails. Look out for spelling and grammar mistakes, and emails sent during weekends and holidays, when phishers know IT offices are closed.
  • Know where the message is coming from. Click the "from" address to see if the sender has a W&M account. Do not just trust the address line. If you are directed to a login page, make sure it is a W&M page.
  • Do not respond to emails asking for your password or blindly login to new pages. W&M IT only requires you to login for major, predictable events, including your annual password change and during the annual authentication period.
  • If you are in doubt, forward the email in question to [[support]]. If you believe you have received a phishing message, please follow these steps:
    1. Sign in to WMApps account
    2. Open the phishing message
    3. Click the down arrow in the top right of message, next to the Reply button
    4. Select "Report Phishing"