Current Security Alerts

A "Double Barrel" phishing email is circulating campus with a subject similar to Urgent request or Immediate request. The initial email in the attack simply asks, "Available?" or "Are you on campus?" and will appear to come from a coworker, though the email will likely be incorrect. These initial emails usually won't contain any malicious links or ask you to do anything compromising.

A short time later, another email will be sent by the attacker pretending to be a coworker describing an urgent scenario claiming that normally they would call, but they are stuck in a meeting, at a conference out of town, etc., and cannot be reached by phone They will then ask for help with something very important and say that they will be in touch in another email shortly.

All of these emails (the first barrel) prime the victim with a plausible narrative and earn their trust so they they might fall for the final email (the second barrel), where the attacker uses that trust relationship to convince the victim to give up data, money or perform some other risky task.

As always, if you receive a suspicious email, submit it to itso@vt.edu and abuse@vt.edu. Include the mail headers of the phish message using the instructions found here.

A series of email phishing scams circulated the university in April that purported to originate from several fake VT email addresses. The email contents varied, but most contained a link to a convincing fake copy of the VT Login page. If a user entered their PID credentials, those credentials would be stolen and the user would be socially engineered to bypass VT's 2-factor authentication, Duo.

As a reminder please report phishing scams to both abuse@vt.edu and itso@vt.edu.
Screenshots of the phishing scam are below.

Signs of forgery:
1) Incorrect URL that is not from a vt[dot]edu address
2) Incorrect font used for “Login Service.”
3) Links in the top navigation bar do not work.

Mission Statement

Our mission is to provide technology tools and services, education, awareness, and guidance necessary to all Virginia Tech users to work towards a safe and secure information technology environment for teaching and learning, research, outreach, and the conduct of university business.