The latest phish reported at UD is a fake security notice with the subject heading “Important Information from TIAA-CREF.”

This phish was convincing enough that we had to call TIAA-CREF to confirm that this message is a scam.

Fake TIAA-CREF security notice.

This fraudulent email masquerades as a security notice from TIAA-CREF. But hover your mouse over the first link and look where it would actually go!

This phishing scam is hard to spot because some of the information in the message is legitimate, to wit, the second link to a TIAA-CREF profile login and the 800 phone number listed. The message also applies mild urgency: it tells you to click a link to upgrade the security of one of your major financial accounts. If you click that link, you could end up at a malicious site.

In a phone conversation on April 9, 2015, a TIAA-CREF representative confirmed that the link to onlywood.in is phishy. That company is NOT one of their subcontractors.

Further, this message has gone to some UD departmental and shared inboxes. Why would TIAA-CREF send a notice to an entire department when only certain UD employees are TIAA-CREF customers?

And if you look more carefully, you’ll see a typo towards the end of the message and inconsistent formatting of the headers in the message, both signs that this email probably did not go through a major company’s quality control procedures.

What can you learn from this scam?

  • Always be vigilant! Even if email looks legit, inspect the links before you click any of them.
  • Sage users will be extra safe and not click any of the links, instead going directly to the TIAA-CREF website and logging in. Only log in at a URL you know and trust when dealing with any financial or confidential information.
  • Report attempts at fraud to the institution that allegedly sent the phishing scam. We have notified TIAA-CREF in this case.
  • Bottom line: Think B4 U Click.

By the way, if you had clicked on the fraudulent link while on campus, you would have seen a page alerting you to the fraudulent nature of the website.