Today we’ve received several reports of phishing scams that are designed to trick users of UD’s Exchange service into clicking where they shouldn’t click. Two examples, with arrows pointing to the bad link:
Thanks to all the folks who used firstname.lastname@example.org to let us know about these scams. How’d they know?
- Why would we get email from someone at another university about a UD Meeting or about the UD “Staff portal” [sic]?
- When you inspect the links in both messages, you could be fooled since owa.win.udel.edu is part of both links. But note that in both cases, it is used as the name of a folder and of a filename on a non-UD server. The part right after the http:// or https:// is the web address for the server. Neither kave.crealpha.com or rabakalandpark.hu are UD computers! Don’t be fooled!
- One message even claims to by copyrighted by the University of Delaware. That’s an old trick to make you think the message is legit.
If you see messages like these, notify email@example.com. And above all else….
Think B4 U Click!!