A wide variety of phish seem to be schooling in UD inboxes this week.

Several people in UD’s Psychological and Brain Sciences department got a phishing scam this morning with the subject “Important Document” and a one-line message “Please kindly see attached file.” The attached file is a PDF (shown below):

Malicious PDF file

This PDF is designed to get you to click that link and surrender your credentials. Fortunately, the scammer made it pretty obvious that this is a bogus file designed to get you to go to a hacked website (the obvious name of the file, non-fluent English, appeal to urgency, use of “Dropbox” name to sound convincing, etc.). But this scam presents a perfect example of why we urge you not to open unexpected attachments to email messages. And certainly don’t click links in unexpected attachments.

If you get email with an attachment you weren’t expecting, it’s always a good idea to check with the alleged sender, using published directory information, before even thinking about opening the attachment.

Oh, one other clue in this case. It’s mighty phishy to get email claiming to have an Important File addressed to a long list of email addresses — at UD, at the sender’s organization, CraigsList.com, other organizations…. The number of addresses in the “To:” field should make you suspicious.


Think B4 U Click!