IT staff have discovered an email phishing scam which ask the recipient to visit a web page that isn't controlled by VCU, and in turn enter their email address, username and password. Like many phishing scams, it takes advantage of the recipient's fear and present a sense of urgency.

The email has a subject of "Important: Email Account Verification Update!!". The sender may be someone with a VCU email address or it may be someone with a non-VCU email address. Several VCU users have fallen for it and their email accounts have been used to send the phishing scam email to more VCU users.

The email states that you have exceeded your mailbox storage quota and that you need to supply your login credentials to reactivate your account (which doesn't even make sense since you can see that you can still send and receive email).

Please note that if you use the Firefox browser to attempt to visit the web page that the phisher tries to get you to visit, it warns you "Reported Web Forgery!" and asks if you're sure that you want to visit the page. Internet Explorer does not.

Phishing scams often take advantage of the recipient's fear or greed and this one is no exception.

VCU's Technology Services staff and other VCU business units will never ask you to email your password. Per VCU's Password Standard:

Passwords must be kept secret and must not be shared.

and

Passwords must not be inserted into email messages or other forms of electronic communication...

If you receive this email, or one like it, please delete it and do not respond to it. If you accidentally respond, change your password immediately and contact the VCU Help Desk to notify them that your password may have been compromised.

To learn more about how phishing works, what phishers might ask for, how they'll try to get you to share info., signs of a potential attack and how to protect yourself, visit our Phishing page.

For additional information security news, tips and more, view our Twitter page via the Web or your handheld device.