If you’re reading this, you may have spotted May’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive harmless test phish (like this one).
In this post, we dissect this phish to show you what you can expect when you join us to “Take a BITE out of phish!”
Here are some clues that could have helped you identify that this email is phishy:
- Check the sender—This email uses a generic non-UD sender. This is a sign that it is a phishy email.
- Generic content—If an email claims to come from a legitimate organization, they will use specific language. In this message they claim you can win a gift card to a mall but fail to specify which mall. Grammar and punctuation errors should be very rare.
- Hover to discover—Taking the time to hover over the link (instead of clicking it right away!) reveals that it goes to a suspicious address.
- Don’t let them rush you—Cybercriminals may use threats or a false sense of urgency to trick you into acting without thinking. Don’t let urgent messages deter you from verifying a message.
- It’s in the details—In more sophisticated phishing emails the clues are in the details. If you look at this P.O. Box address it should raise your suspicion. If you check standard P.O. Box address formats, this number is far too long.
Did you spot this phish in your inbox? Did you send it to firstname.lastname@example.org? If you did, congrats, and thanks for your diligence! If not, keep an eye out—you might spot a test email in the future!
Help Secure UD—”Take a BITE out of phish!”
Be aware of the threat
Identify the warning signs
Tell us about suspicious messages
Erase phish from your inbox