Several people notice this phish swimming into their UD inboxes this weekend:
From: "UD Team" <xxxxxxx@udel.edu> Date: Jun 11, 2016 4:50 AM Subject: intruder To: Cc: There have been a security breach in your webmail account Kindly click on the link below to verify your identity. http://anonlink.com/udel-secure Sincerely, UD Team
You know to delete messages like this one, right? Some key points:
- Grammar errors and typos are often signs that email is suspicious. There are two in the first sentence alone (“There have been a security breach” [sic], missing period at end of sentence).
- No reputable organization will ever send you a message asking you to click a link to verify your identity. If a message asks you to click a link to verify your account, you know it’s up to no good.
- Just because the link it asks you to click has “udel-secure” in it, doesn’t mean that it’s safe to click. If UD needed you to click a link, the link would be to a udel.edu web address, not an anonlink.ccom address.
- “But this email came from a udel.edu email address,” you might say. Email addresses are easy to spoof. And hackers are finding it too easy to compromise email accounts by either phishing for usernames and passwords or guessing weak passwords. In fact, some of the most successful phishing scams make you think that the email is coming from someone in your organization. In this case, the message came from a compromised udel.edu email account.
Think B4 U Click!