Even though this spear phishing scam directed at UD is not the strongest one we’ve seen lately, we know that at least one of you will click the link and surrender your UD credentials to the miscreants who sent this email.
How can you tell this email message is a scam?
- Why would a message about your UD email account allegedly be sent from someone in Belgium?
- The first line of the message contains two typos: “univerisity” [sic] and “it’s” [sic – “Its” is the possessive–no apostrophe.].
- The second paragraph contains a link to “FOLLOW HERE” [sic] that would take you to a link allegedly housed in the Tokelau region of New Zealand (.tk). True, the scammer put some UD sounding things in the URL, but when you receive email about account maintenance, you should only trust URLs whose hostname (the part after the http:// portion of the URL) ends in udel.edu (e.g., http://www1.udel.edu).
- The third paragraph has nothing to do with the first two. It’s techy-sounding gobbledy-gook aimed at intimidating you into clicking the link.
- The message contains a copyright notice–it must be legit! NO! Legitimate messages from the University will contain links to UDaily articles or web pages to help the recipient verify the message. And they should also include contact information you can use to verify the authenticity of a message. In short, tacking on a copyright notice does not legitimize an email scam.
Always be suspicious of email that includes a link to verify or change a feature of your UD account. Check the URL. Contact the your college or departmental IT staff or the IT Support Center, firstname.lastname@example.org or (302) 831-6000, if you are unsure. And, as always…
Think B4 U Click!