We’ve received several reports this morning about a new phishing attack on UD email accounts:

[Image: the phishing scam seen at UD on March 26, 2015.]

We are pleased that many UD faculty, staff, and students are now astute enough to recognize a phishing scam like this one. It is an example of a spear phishing attack, albeit a weak one.

The hackers took the time to tailor the message to lure members of the UD community: the scammer claims the sender is “UD Web Portal,” signs the message “UD Web Portal,” and makes the link behind the invitation to “kindly click here” contain both “udel” and “edu” (as you can see when you inspect the link in the message). Note that it is not a legitimate “udel.edu” link.

In addition to these attempts to trick UD folks into thinking this is a legitimate warning, this scam contains all the elements of a standard phishing scam:

  • The lure: Phishing always tries to make you think “This is urgent!!” so that you respond quickly–without thinking. In this case, the threat is that “we may have to close your webmail account permanently.” This scam feigns the professional and polite diction of someone trying to get people to act quickly but without panic.
  • The hook: The scammer wants you to react to the lure and swallow the hook by following that link where you’ll verify “proof of ownership”–in other words, where you’ll be asked to provide confidential information about you or your UD email account. By now, you know that no legitimate organization is going to send you email asking you to provide confidential information by just replying to the email or clicking a link. Right?
  • As you ask yourself questions about this email message, you’ll see that it exhibits other classic tell-tale signs that it’s a phishing scam and not a legitimate UD warning:
    • If my account is in danger, why is the note not addressed to me–why am I a bcc:ed recipient?
    • The message spells all the words correctly, but would a real warning have multiple non-standard spacing and grammar issues?
    • The message threatens to close my email account permanently. How can they do that? All UD employees and students have email during their time at UD!
    • What the heck is the “webnode” website, and why are they sending me there instead of to a “udel.edu/something” website?
    • Why is someone with an email address at usc.edu writing me about my UD account?
      Note added April 14: Another variant of this scam arrived at UD on April 13 using a spoofed/stolen udel.edu address. The rest of the caveats on this list should still indicate to you that this message is a phishing scam!
    • How can I verify that this information is accurate? I don’t see a reference to a legitimate UD Web page or to a UDaily article where I can verify that I need to “kindly click here.”
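
The link inspection described above (a link that contains “udel” and “edu” but leads to a “webnode” site rather than to udel.edu) can be expressed as a host check. This is an added example, not part of the original post: the function names are hypothetical and the sample links are constructed, using `.example` hosts rather than the scam's real URL.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "udel.edu"  # the only domain the post treats as legitimate


def link_host(url: str) -> str:
    """Return the host a browser would contact: lowercased, no trailing dot."""
    try:
        # Anything before '@' is userinfo, so "http://udel.edu@other.example/"
        # has the host "other.example", not "udel.edu".
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".").lower()


def is_trusted_link(url: str, domain: str = TRUSTED_DOMAIN) -> bool:
    """True only for http(s) links whose host is the domain or a subdomain."""
    try:
        scheme = urlsplit(url.strip()).scheme
    except ValueError:
        return False
    host = link_host(url)
    # Match on a label boundary: "notudel.edu" must not pass as "udel.edu".
    return scheme in ("http", "https") and (
        host == domain or host.endswith("." + domain)
    )


def looks_like_lookalike(url: str) -> bool:
    """Flag links that mention 'udel' and 'edu' but do not point at udel.edu."""
    text = url.lower()
    return "udel" in text and "edu" in text and not is_trusted_link(url)


# Constructed sample links; none is the URL from the actual scam.
SAMPLES = [
    "https://www.udel.edu/something",          # real host under udel.edu
    "http://udel-edu.webnode.example/verify",  # keywords in a foreign host
    "http://udel.edu.webnode.example/login",   # udel.edu as a subdomain prefix
    "http://udel.edu@webnode.example/",        # udel.edu as userinfo
    "http://webnode.example/udel.edu/",        # udel.edu only in the path
    "https://notudel.edu/",                    # suffix match without a dot
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "trusted" if is_trusted_link(link) else (
            "lookalike" if looks_like_lookalike(link) else "untrusted")
        print(f"{verdict:10} {link_host(link):28} {link}")
```

Only the first sample is reported as trusted; every other link carries the “udel” and “edu” keywords while its host belongs to a different domain.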

It’s not the strongest of phishing scams we’ve seen. But it swam through a lot of people’s spam filters this morning. It contains just enough urgency and tailoring for UD that some people may react without thinking, click the link, and surrender account information at the scammer’s website.

See this message? Just delete it.