Phishers appear to be hitting the University community hard. Over the past week, we’ve received several reports of a variety of spear phishing messages that target members of the University community. These emails are not part of the phishing test; these are real attacks on the University community.
The first email claims to come from “UD Team” (a vague term intended to trick you into believing the email may be legitimate) and mentions 2016 security activities. However, the link provided goes to “cutt.us” rather than to a udel.edu address. Note the “/udel-secure” at the end of the URL; that’s another attempt to trick you by using University-related terms. Always check the portion of the URL right after the “http://” and make sure it’s a udel.edu domain.
The second email claims to come from the IT Support Center, which is actually a real University entity. However, notice that the content of the email is extremely uncharacteristic of anything the University would send. First, your Google Apps at UD account does not have a storage quota. Any email telling you that your inbox is almost full is a scam. You can also check the numbers in the email against the actual amount of data stored, which is shown at the bottom of each email page in your Google Apps at UD account. The link provided in the phishing email above goes to a “tinyurl.com” address to disguise the actual destination. IT will always send you email containing full, real links or links created using UD’s proprietary microlink service (these links appear in the form “http://www.udel.edu/00000”).
The third email claims to come from HR and show that “documents” that have been shared with you. Note the poor wording used in the message; it’s clearly not an official notification from any DropBox service. The link in the image goes to “reguaphotoagency.com” rather than to a udel.edu address or to DropBox, instantly proving that the email is a scam. Always verify links before you click on them!
As always, IT urges the University community to remain vigilant for phishing scams. Hackers are constantly attempting to steal your personal information as well as gain access to the University’s information and systems. We all play a part in protecting those valuable resources—and ourselves—from harm. Remember, you are a target. Information security is everyone’s responsibility.