Reminder from IT: Only you should know your password

WVU Medicine Information Technology (IT) team members will not ask you for your password, even if you have requested support for an issue you are experiencing.

If you receive a call from anyone claiming to be from IT and the caller is requesting your password, it is appropriate to hang up the phone. Please call the Help Desk to report the incident.

If you receive an unsolicited email claiming to be from IT and requesting that you download software to eliminate viruses or update antivirus software or any software, please call the IT Help Desk to verify the validity of the email. Patches to our antivirus software and our Windows operating system are performed automatically, without the need of a user ID or password.

IT recently conducted a phone call test that involved an unsolicited call from an imposter claiming to represent IT asking for employees' user IDs and passwords. More than 20 percent of WVU Medicine employees complied and compromised their passwords, giving access to any information available to the employee. 

IT also conducted a spear phishing email test and approximately 8 percent of WVU Medicine employees that received the unsolicited phishing email clicked on the link and entered their user IDs and passwords. This also compromised their passwords. (IT has ensured that these passwords have been changed.)

WVU Medicine does have security controls in place to block SPAM and viruses, but there are always new variants that may bypass the SPAM filters.

Only you can protect your password from imposters.  

Please make sure that your password is a phrase like T#eladyLove5apples. Mixing capital letters and special characters in the middle of the password makes the password more complex. Avoid passwords like "SeasonYear" (e.g. Winter2015), which are easy for hackers’ programs to break.

Never share your password with anyone.

Please contact Tareva Palmer, chief information security officer, questions.