This afternoon, several concerned UD email readers reported the phishing scam shown here. It’s a pretty obvious one:
You didn’t fall for this phishing scam, did you?
- Link goes to a non UD site but tries to make a sloppy reader think that the site is legitimate–The URL begins with “udelsecure.” Sure doesn’t end “udel.edu,” does it?
- No legitimate organization will ever ask you to click a link to verify your information.
- The language is vague. And so is the “suspicious” subject line.
It’s a weak attempt at spear phishing, trying to use information about you and our organization (the University) to trick you into surrendering your account information. There’s even a veiled reference to June’s phishing test! This hacker has also tailored some of the language to our campus (e.g., UD, UDel Secure) and taken the time to steal several UD email accounts to send these phishing messages.
Most of us recognize this message for the scam that it is and delete it. But all it takes is one or two people to provide the scammer with their UDel credentials, and then those accounts could be compromised and used for future spear phishing scams like this one.
Bottom line: See a message like this one? Delete it.
Think B4 U Click!