On this chilly Friday morning, several University of Delaware users found this suspicious email in their inbox. The email claims to come from the University of Delaware library and tells the user they are at risk of losing access to the library services. The email urges the user to click a link and log in to “reactivate” their account. As you can guess, this email is a phishing scam and the link will take users to a compromised website that will put their computer and their information at risk.

Here are a few red flags we noticed:

  1. The “from” email is not an @udel.edu email – instead, it comes from @gmail.com. If an email claims to come from the University of Delaware, the email address should match.
  2. The email uses “Dear User” instead of addressing each recipient by name. If an email claims there is something wrong with an account, the sender is going to address you by name.
  3. The email urges you to click a link to “reactivate” your account before you lose access to library services. Phishing emails commonly instill a sense of urgency to compel users to click a link before they notice the scam.
  4. There are two different email addresses for the same person: sjacksonty@gmail.com and sjackson@udel.edu. The @gmail address is already a red flag, so seeing a different email address should alert you that something is definitely off. Also, a quick database search should show the only sjackson@udel.edu address belongs to someone with a different first name.
  5. Nowhere in this email is Morris Library mentioned.

Thanks to reports from a proactive faculty member, we were able to block the URL before any users were compromised. Again, if you get a suspicious email, forward it to reportaphish@udel.edu and remember: Always Think Before You Click!
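
The five red flags listed above can be expressed as a rough triage check for a reported message. The Python below is an added example, not part of the original notice or of any University of Delaware tooling; the sample message, the flag names and the keyword patterns are constructed assumptions, and the sample only mirrors the description above rather than reproducing the real email.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "udel.edu"            # domain the message claims to come from
EXPECTED_NAME = "Morris Library"   # name a genuine library notice would use
URGENCY = re.compile(r"\b(reactivate|lose access)\b", re.I)
GENERIC = re.compile(r"^\s*dear\s+(user|customer|member)\b", re.I | re.M)
ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample modelled on the description above; not the real message.
SAMPLE = """\
From: "UD Library" <sjacksonty@gmail.com>
To: student@udel.edu
Subject: Library account notice

Dear User,

Your library access will expire. Click the link below and log in to
reactivate your account or you will lose access to library services.

S. Jackson
sjackson@udel.edu
"""

def red_flags(raw):
    """Return the red flags (in the order listed above) found in a raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()                      # plain-text, single-part mail
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rsplit("@", 1)[-1]
    flags = []
    if sender_domain != ORG_DOMAIN:               # 1. From is not @udel.edu
        flags.append("sender-domain")
    if GENERIC.search(body):                      # 2. "Dear User" greeting
        flags.append("generic-greeting")
    if URGENCY.search(body):                      # 3. pressure to act now
        flags.append("urgency")
    # 4. an address in the body from a different domain than the sender
    if any(a.lower().rsplit("@", 1)[-1] != sender_domain for a in ADDR.findall(body)):
        flags.append("address-mismatch")
    if EXPECTED_NAME.lower() not in body.lower(): # 5. library never named
        flags.append("missing-org-name")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that trips several of these checks is worth a closer look before anyone clicks; none of them proves on its own that a message is malicious.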