Phishing is the act of cybercriminals trying to trick you via email into providing your Radford University credentials or payment.  Follow these steps to protect yourself and your inbox:

  • Always look at the sender email address, not just the sender name.  It's easy to spoof the name, but harder to spoof the email address.
  • If an email ended up in your junk mail, it's probably because it's spam or spoofed to look like someone else sent it.
  • Does the email generate a sense of urgency?  Usually this is a tell-tale sign that it's a phishing email trying to speed past your better judgement.
  • Radford University Division of Information Technology (DoIT) will NEVER ask for your password.

Common Phishing Themes


  • Cybercriminals regularly pretend to be department chairs, deans and directors and will email faculty and staff asking if they are available.
  • Response to the cybercriminal will result in the criminal requesting gift card numbers (so that they can give them as gifts).
  • If you purchase the gift cards and email the numbers to the cybercriminal, you could potentially lose that money.
  • If you've fallen victim to a gift card scam, please contact immediately.


  • Cybercriminals will often email you a threatening email that they've been spying on you, demanding a ransom.  They may even include an old password of yours.
  • These passwords are usually discovered when other sites (i.e. LinkedIn) are compromised and the accounts published online.
  • Rest assured that these individuals never had access to your computer.
  • You can safely ignore and delete these emails.

Shared Files

  • Cybercriminals will share a file with you, such as a class schedule or payroll information.  When you click on the email you'll go to a look-a-like Microsoft Office365 webpage.
  • Always look at the URL when clicking on a link.  If it's not *, it's not really Microsoft Office365.
  • Report emails such as these to so that IT Security can block malicious websites such as those.

IT Helpdesk

  • These emails inform you that the IT Helpdesk is going to disable your email unless you click a link and login to cancel the deactivation.
  • This email generates a sense of urgency to trick you into providing your credentials.
  • Report emails such as these to so that IT Security can block malicious websites such as those.