2015-06-01_1417In a modified account renewal scam, spear phishers are targeting UDel accounts. The email text (depicted left) informs users that UD’s email system is being upgraded and that the user needs to manually reset his or her account in order to keep it.

The phisher cleverly makes reference to “technical information” such as version numbers and admin status in an attempt to trick less tech-savvy users into thinking that this information is legitimate. It also includes a link that, at first glance, appears to go to a udel.edu address, but actually goes to a third-party site. However, the email still bears several hallmarks of bad phishing scams.

How to tell that this is a phish:

  1. The formatting, spelling, and grammar are unprofessional and not characteristic of official UD communications.
  2. The link goes to weebly.com instead of to a udel.edu domain. Watch out for bogus “udel-edu-[domain].com” links that try to trick you by combining familiar components like “udel” and “edu” in illegitimate ways.

Remember, official University emails will direct you to udel.edu addresses or will verify third-party addresses operated by University partners. UD will also not require you to divulge any personal information or take unanticipated steps to participate in a technical migration.

If you’re ever in doubt about the validity of an email or the information it contains, try to verify that information through University sources. If it still seems suspicious, ignore it.