The phishing scams are back. This one is better than most, but it’s definitely fake.
This phish was reported to us with the HTML written in plain text, so I’ve recreated the email minus the gibberish and plus the formatting.
First, the email opens with a generic greeting that uses some odd formatting. The words are all capitalized, and the “Dear All” is uncharacteristic of University correspondences.
The message has some grammatical errors, and it also uses British English (see “recognise” and “Centre” in the last paragraph). Last I checked, we’re on the western end of the pond, so we’re using American English.
The provided link directs you to http://nss.udel.edu.passfans.ir/, which is a carefully replicated version of a legitimate UD domain. When you read URLs, the domain will always be followed by a “/” and the rest of the URL. UD’s legitimate domain is “nss.udel.edu,” but the domain in message’s link ends in “passfans.ir.” Always read the domain until the backslash; phishers will use periods and misspellings to mimic legitimate URLs and trick unsuspecting users.
This phish is dangerous precisely because it seems so real. It uses UD information and attempts to recreate a UD website, but careful reading exposes this as an elaborate scam.