This phishing scam was reported by several people who commented that it bypassed spam filters for in their UD email.
This scam is pretty obvious, but all it takes is one person to see that “Attention:” greeting in an email allegedly from the “@udel.edu IT Help Desk,” and click the link, and the scammers will have what they want — another email account to use and possibly personal information to steal.
What are the tell-tale signs?
- “udel.edu” is not used by the University as if it were a regular adjective or proper noun. #UDel is used in social media, but otherwise, all official notices from the University of Delaware refer to “the University of Delaware,” “the University,” or “UD.”
- Grammar, punctuation and capitalization errors abound.
- The email contains the standard phishing ploy of asking you to click a link to confirm your account. No reputable organization will ever do that.
- Our IT Support Center will not send you email with a bit.ly link in it — those are used too often to hide a malicious link. Oh, but if you inspected the link, you’d see it get’s even murkier — that apparent bit.ly link really goes to a very strange non-UD link.
If you saw this scam, we trust you deleted it. If you fell for the scam, change your UDelNet password ASAP.
And yes, this phish probably was sent using a stolen or hacked UD email address. If the person whose account was used had two-factor authentication (2FA) turned on, his or her account would probably not have been stolen!
And, remember,
Think B4 U Click!