Email Safety

It is important to be cautious about email correspondence and to protect your personal information.

The Virginia Department of Transportation (VDOT) will never ask for passwords or sensitive information, such as Social Security numbers, banking or credit card information. Email from VDOT employees will always reflect the domain, as in

Be wary of incorrect spellings of names, improper domains such as or and odd requests or threatening language such as your account will be terminated or please verify your password.

Criminals will often send ‘phishing’ emails that may appear to come from a legitimate person or government entity. ‘Whaling’ is another type of criminal attempt to impersonate a high-level official by using a false email domain.

Fraudulent emails may contain links to nefarious websites, and may threaten negative consequences for not following links and/or providing personal or financial information.

If fraud is suspected, the legitimacy of an email can be determined in a variety of ways, such as:

  1. Hover your cursor over the sender’s name to reveal the email address from which the message originates. Note any abnormalities or unrecognized elements.
  2. If the email comes from the name of a person you know, compare the new, suspicious email message to previous messages from that person. Note any discrepancies in the display or signature. Note whether the content contains a request or language that seems out of context.
  3. Call the sender to confirm they sent a message, using a phone number from your own address book or the State Employee Directory.
  4. Compose a new email to the sender, using an email address from your records or the State Employee Directory. Do not reply to the suspect email.

If you cannot verify the legitimacy of an email that appears to come from VDOT, or the domain or identity of the person contacting you, you are strongly urged to not click on any links. Rather, you should report the email to the Virginia IT Agency (VITA) Customer Care Center or to VDOT’s Office of Information Security, and then delete it.

This safety information is not exhaustive. Please visit the VITA Guide to Online Protection for additional tips and information.


Page last modified: Dec. 1, 2022