It’s amateur week in the cybercriminal world, apparently.
This phish comes to us courtesy of a ticket filed by a member of the UD community. Note the vague, unprofessional opening and the poorly-written text that follows it.
The email tries to suggest that your account will be disabled because it was logged in (or, as the phish says, “Login”) to multiple devices. For those of you who have two computers, or who have accessed your email via your smartphone, you already know that multi-device login is a fairly common practice.
Although the email was sent to a Gmail user, the provided link does not point to a Google domain, which is a huge red flag. Instead, it points to a .co site. The “administrativeupgrade” slug in the URL also doesn’t make any sense in this context.
Even the little phish can pose a threat, though. Whether it’s something like this or a more professional phish, don’t click any suspicious links, and report phishing attempts to us at https://sites.udel.edu/phishing/report-a-phishing-scam/.
