If you’re reading this, you may have spotted April’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive harmless test phish (like this one).
In this post, we dissect this phish to show you what you can expect when you join us to “Take a BITE out of phish!”
Here are some clues that could have helped you identify that this email is phishy:
- Check the sender—This email uses a generic non-UD sender, which is a sign that it is a phishy email. If you received an email from UD IT, you would expect it to come from a udel.edu email address.
- Check for poor spelling and grammar—If an email claims to come from a legitimate organization, grammar and punctuation errors should be very rare. In this case, the sending address contains a typo, which is a big red flag that a hacker is using a fake address to imitate a real or seemingly trustworthy one.
- Check the salutation—This email claims to come from an authority (in this case, the IT Security department), but it begins with a generic salutation. Most organizations contacting you directly about something related to you or your account will use your name rather than “user.”
- Don’t let them scare you—Cybercriminals may use threats or a false sense of urgency to trick you into acting without thinking. Don’t let threats deter you from verifying a message, and be suspicious of any messages making these threats. Taking the time to hover over the link (instead of clicking it right away!) reveals that it goes to a non-UD address, even though the message claims to be about your UD email account.
- Don’t believe names and logos alone—Just because an email contains a name you may recognize doesn’t mean that it’s trustworthy. If you think a message like this may be legitimate, contact the alleged sender separately and verify it.
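The same clues can be checked mechanically, for example by a mail filter. The Python below is an added example, not part of the original post or of any Secure UD tooling; the function names, keyword patterns and both sample messages are constructed for illustration, and it assumes a single-part HTML message body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "udel.edu"  # domain the post says genuine UD IT mail comes from

class Body(HTMLParser):
    """Collects visible text and the real href targets (what hovering reveals)."""
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def in_domain(host):
    # Suffix match on a label boundary, so "udel.edu.something.example" fails.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def phish_clues(raw):
    msg = message_from_string(raw)
    body = Body()
    body.feed(msg.get_payload())
    text = " ".join(body.text)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    clues = []
    if not in_domain(sender_domain):
        clues.append("sender-not-ud")
    if re.search(r"\b(dear|hello|hi)\s+(user|customer|member)\b", text, re.I):
        clues.append("generic-salutation")
    if re.search(r"\b(immediately|within \d+ hours|will be (suspended|deactivated))\b", text, re.I):
        clues.append("urgency-or-threat")
    if any(not in_domain(urlparse(h).hostname) for h in body.hrefs):
        clues.append("link-leaves-ud")
    return clues

# Constructed sample messages; every address and URL below is made up.
PHISH = ("From: IT Security <security@it-helpdesk.example>\nSubject: Account notice\n\n"
         "<p>Dear user,</p><p>Your UD email will be suspended within 24 hours. "
         '<a href="http://udel.edu.account-verify.example/login">Verify your account</a></p>')
LEGIT = ("From: UD IT <it-notices@udel.edu>\nSubject: Maintenance window\n\n"
         '<p>Dear Alex,</p><p>Details are at <a href="https://www.udel.edu/it">udel.edu/it</a>.</p>')
```

Note that the link in the constructed phish starts with "udel.edu" but still resolves to a non-UD host, which is why the check compares the end of the hostname rather than searching for the trusted name anywhere in the URL.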
Did you spot this phish in your inbox? Did you send it to firstname.lastname@example.org? If you did, congrats, and thanks for your diligence! If not, keep an eye out—you might spot a test email in the future!
Help Secure UD—“Take a BITE out of phish!”