If you’re reading this, you may have spotted October’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive a harmless test phish (like this one).

So, what’s so phishy about this email? Let’s break it down:

  1. Check the sender. If the “from” address is unfamiliar or not recognizable, take a few extra moments to carefully examine the contents of the email message. In this case, if an email purports to be from UPS, check the email address to make sure it ends in “@ups.com”.
  2. Don’t believe in names and logos alone. Cyber criminals may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo you recognize doesn’t mean that it’s trustworthy. In this case, the email contains a logo that is similar to the official UPS logo, but it is not exactly the same.
  3. Look out for grammar and spelling errors. Scam emails often contain typos and other errors – which is a big red flag that it probably did not come from a legitimate source.
  4. Do your own typing. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
  5. Be cautious about opening attachments or clicking on links in emails. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly.

Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or see a suspicious attachment, forward it to reportaphish@udel.edu.

October is National Cyber Security Awareness Month (NCSAM), any employee who forwards a phish and/or completes Phase II of Secure UD Training this month will be entered into a prize drawing during the November Tech Fair.

And always, Think B4 You Click!