We’re starting off the week with a spear phish. This one looks well-researched, but there are some flaws that give it away as a scam.
The email uses UD information, such as the correct address, but it incorrectly titles IT the “Department of Information Technology.” The email also begins without a salutation using the recipient’s actual name and contains some grammatical errors. The pretense is a “security update” following a “breach.”

If we look at the sender, we notice that it contains “udelaware.edu” (which is incorrect to begin with), but the real domain is “secureoffshorelogin.com.” This is another example of phishers trying to trick potential victims by hoping that the mere inclusion of UD-like addresses will be enough for some people to trust the email.

The link is shortened using bit.ly, meaning the recipient can’t determine its actual location. IT will not send mail using bit.ly links. The link reportedly goes to a fake CAS page that attempts to capture victims’ credentials.
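The two checks described above (sender domain and shortened link) can be automated for reported mail. The following is an added example, not part of the original post: the sample messages are constructed, and the trusted domain `udel.edu`, the brand tokens and the extra shortener hosts are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"udel.edu"}        # assumption: the only domain real IT mail uses
BRAND_TOKENS = ("udel", "delaware")   # assumption: strings a lookalike address borrows
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # bit.ly is from the post; rest added

# Constructed sample messages (not the actual phish; its full address is not shown).
SAMPLE_PHISH = """\
From: "Department of Information Technology" <udelaware.edu@secureoffshorelogin.com>
Subject: Security update

Following a breach, confirm your account at http://bit.ly/EXAMPLE now.
"""
SAMPLE_LEGIT = """\
From: IT Help <it-help@udel.edu>
Subject: Maintenance window

Details: https://www.udel.edu/example-notice
"""

def domain_is_trusted(domain):
    """Exact match or true subdomain only; a substring match is what phishers exploit."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    findings = []
    # Only the part after the last "@" is the domain; UD-like text before it proves nothing.
    if not domain_is_trusted(domain):
        seen = f"{display} {local} {domain}".lower()
        borrowed = [t for t in BRAND_TOKENS if t in seen]
        if borrowed:
            findings.append(f"untrusted sender domain {domain!r} borrows {borrowed}")
    body = "\n".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened link hides its destination: {url}")
    return findings

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, check_message(raw))
```

The From header itself can be forged, so a clean result from this check does not prove a message is legitimate; it only catches the lookalike pattern this phish used.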

Remember, never click unverified links in email, and always check the addresses to make sure that the information and pages are legitimate. Branding and language alone do not verify that an email is legitimate.