Last night, a phishing scam arrived in some UD inboxes claiming that, due to an unsuccessful login attempt, the recipient needed to click a link to “Login [sic] to secure your device.”
As the screenshot shows, the link goes to a bit.ly link, not to a UD link. It turns out that bit.ly link points to a web page which contains javascript code that opens an iframe to a fraudulent site: approvedlogs.com/ebmeail/udel/.
This scammer has invested the time to spoof a udel.edu email address as the sender and to add a UD footer. But UD doesn’t have an entity named “ITS HelpDesk”–remember, our help desk is called the IT Support Center. And the directions don’t really make sense. How will clicking a link in this email message secure your computer or device?
Finally, this message demonstrates why we urge you not to send messages using third-party link shorteners like bit.ly and ow.ly. Third-party link shorteners are being used more and more by scammers to obfuscate the URLs of malicious websites.
Members of the UD community should consider using the UD μlink (microlink) service to shorten links. UD’s service offers more assurance to the recipient that the link is trustworthy because it requires UD credentials to create a μlink and because the service creates a link that begins www.udel.edu.