Now that the holiday frost has lifted, phish are once again finding their way into UD waters. We’ve caught a fairly standard one today.

[Image: screenshot of the phishing email, 2015-01-16_1106]

The sender’s email address stands out right away. Yandex is a popular Russian internet company, and its services are often used to send spam and phishing emails or to register spam accounts on networking sites. The yandex.com domain is pretty clearly out of place for an email that claims to come from UD IT.

The actual message is written in typical phisher style, which is to say poorly. It’s conversational and reads as though it were written by a non-native speaker, which is one of the big warning flags for identifying phishing emails. The email tries to persuade us to download an “important update” for Outlook. It seems that the phisher’s trying to broaden the range of possible victims by choosing popular software as click bait.

The signature is also atypical for UD communications, and it uses a made-up group name in the hopes that people won’t know IT that well.

The udel link actually seems to go to UD’s home page, but the download link is definitely unsafe. Hovering the cursor over the “CLICK HERE” link reveals that it goes to a darklooklive.info page instead of to a UD or Microsoft page (remember, they’re claiming that this is for an Outlook update). UD will never direct you to a third-party Web site for information or updates unless that site is an obviously reputable source (such as a major software vendor or a government security agency).

As always, if you see this phish in your inbox, delete it right away. Identify the warning signs of phishing emails, and think before you click!