Earlier this year, we wrote about W-2 spearphishing in which scammers impersonated a high-ranking member of an organization and asked for employee W-2s in an attempt to steal their personal information.

Today, a member of the University community forwarded a similar scam to reportaphish@udel.edu.

The email exchange reflects a recent change in the strategies being employed by phishers (read from the bottom up):

Read from bottom to top

  1. It’s blurred out, but this scammer used a spoofed email address to make the message seem more credible. Even if the email address appears to be legitimate (for example, it comes from a domain you expect), you cannot always trust that the sender of an email is who they say they are.
  2. Note how the first email is casual, friendly, and unlikely to raise any red flags. Scammers are starting to use this approach to catch potential victims off guard.
  3. The scammer tries to hurry the potential victim into doing something. Phishing emails frequently create a false sense of urgency in an attempt to make you do what they want before you realize something is wrong.
  4. The final, entirely blurred email is when the “ask” would occur. The ask is when the scammer finally lets you know what they want. Of course, they continue to pretend to be legitimate at this stage. This email is when the scammer finally goes in for the kill; an unsuspecting victim may divulge very important information or payment, surrender control of accounts, or compromise their device. Some scammers target organizations for W-2 files, checks, and wire transfers.

Don’t fall victim to scams like this one. If you receive an email that you think is suspicious, forward it to reportaphish@udel.edu.

Take a BITE out of phish!