May 15 Phishing Scam

A UD logo does not a legit message make!

A new phish swam into UD inboxes this morning, claiming that your email account has exceeded its “storage limit” and that your account will be deleted unless you click a link to verify your account. We know that doesn’t quite make sense, but at least one recipient fell for this one.

How can you tell this message is a phish?

  • If an email contains a copy of an official logo, that does NOT mean the email is legitimate. In this case, a scammer scraped the UD primary logo from a public Web page.
  • The wording sounds like it was not written by a native speaker of English. “We hereby announce to you” and “mails” are the clues here.
  • The link in the message does NOT go to a udel.edu address.
  • It uses the old “quota” or “storage limit” ruse as the hook.

    If you are using the standard UD Google Apps for Education email system, either by logging in to googleapps.udel.edu or by using a desktop email client that points to googleapps.udel.edu, your account does NOT have a quota.

    If you are using the UD central Exchange email system, you can check your quota within Exchange (directions for doing so, depending on the version, courtesy of MIT) or by logging in to your account using Outlook Web Access and hovering your mouse over Inbox as shown in the image to the left.

  • But above all else, why would you click a link like that without verifying the information in the email message?

    Think B4 U Click!
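
The link and "quota" checks from the list above can also be run mechanically. The following Python is an added example, not part of the original post or any UD tool: it pulls the links out of an HTML message body, flags any whose real host is not udel.edu or a subdomain of it, and looks for the hook phrases. The sample message and the example.com host are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "udel.edu"         # the domain this page says real links use
HOOKS = ("quota", "storage limit")  # the hook phrases this page names
# Constructed sample modelled on the message described above, not the real email.
SAMPLE = (
    "<p>We hereby announce to you that your mails exceeded the storage limit.</p>"
    '<a href="http://udel.edu.verify.example.com/login">https://www.udel.edu/verify</a>'
)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(url):
    """True only if the URL's real host is udel.edu or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def review(html_body):
    """Return a list of findings for one HTML message body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        if not is_trusted(href):
            findings.append(f"link leaves {TRUSTED_SUFFIX}: {href}")
            if TRUSTED_SUFFIX in text.lower():
                findings.append(f"visible text '{text}' shows a different host")
    plain = re.sub(r"<[^>]+>", " ", html_body).lower()
    findings += [f"hook phrase: {hook}" for hook in HOOKS if hook in plain]
    return findings
```

Matching on the parsed hostname, not on the raw URL string, is what catches lookalikes such as udel.edu used as a subdomain label or placed before an "@" in the address.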