Email Security

Email is one of the most successful and widely used attack methods. Hackers and cyber spies use it to infect computers to cause harm and steal personal private and sensitive information, including academic research and other intellectual property.

VMI Information Technology systems process over 100,000 inbound email messages a day. While 90% of those are identified as spam related and not delivered, a few still make it to their destination. 

To increase awareness of potentially suspicious email, IT staff implemented a process to tag messages that may be spam related or malicious in nature and require you to use extra care when opening. When a message appears to be suspect but cannot be confirmed to be so, its subject line will be prepended with “[OPEN WITH CARE]”. Since, Microsoft hosts cadet email externally, cadets will not benefit from this additional screening.

Be aware. Exercise care whether email is tagged or not.

Some examples of phishing email are provided. This impersonator is spoofing a VMI email user. In this case, the “From” email account is not in the address book. Notice the attachment.


Scammers can trick us into thinking that an email is coming from someone associated with VMI, but it is actually from an outside imposter. We are working to improve our malicious email detection techniques. You can do your part by asking yourself questions to help detect scam or phishing emails. 

  • Are you expecting the email? If you have not ordered anything recently then receiving an email from FedEx, other shipper, or vendor about a delivery is most likely a fake. Delete it.
  • Is the format of the email address appropriate? Think about the format of the email address it comes from. For example VMI uses a person’s last name and first and middle initial ( So an address with the format of or would most likely be a fake. There are exceptions, so when in doubt contact the Help Desk by emailing or call (540) 464-7643. See example below in the yellow box.
  • Are there spelling and grammatical errors? These errors are common in phishing emails.
  • Would you provide this information to a stranger on your doorstep?  Think about whether it is appropriate for this person to ask for this information and for you to provide it.  Remember VMI IT staff will not ask for your password.

This impersonator states that they are sending the email on behalf of using the DocuSign Electronic Signature Service. We do not use this service. Check the Outlook address book. is not in the address  book. Notice that the email contains an attachment. 


If it seems odd – think about it. If you are not sure, check into it. Contact the Help Desk at You are the first line of defense.

Since the Institute’s contact information is public, anyone with a computer can access the contact information and use it to telephone and send email. We need to be vigilant about providing sensitive information like social security numbers, financial account information with PIN, health and medical information and FERPA information only with proper authorization.

Should you ever receive these types of messages or any similar messages, please follow the procedures below:

  • DO NOT open the attachments.
  • DO NOT reply to the message.
  • DO NOT click on any links or attempt to “Download Pictures” within the email.
  • DO NOT provide the sender with any username, password, or personal information.
  • DELETE the message.
  • NEVER provide your personal information to anyone.

If you ever mistakenly:

  1. Click on links, you may be infected, contact the Help Desk, 
  2. Enter username/password information, please change your password immediately.

Shipping confirmation or inquiries, as well as banking scams are a favorite of those trying to steal personal information or compromise systems. Before you click, think about whether the email makes sense, are you expecting something of this nature. Their goal is to trick you into clicking on that malicious link or document, or providing sensitive information.

Do not open or click on the contents of the email if you are not sure, whether it is legitimate. When in doubt, call the Help Desk!