June 1 Phish

Several dozen UD people reported this phish on June 1. Click to see full size image.

This phishing scam is, at first glance, almost convincing. But if you think for just 20 seconds, you’ll recognize it for the phishing scam it is.

  • This scam is spear phishing aimed at UD users. Check out the low-res copy of a UD logo.
  • If you hover your mouse over either of the links in the message, you’ll see that they actually go to the site greenbus.kz. A notice from the IT Support Center would point at a udel.edu website.
  • The file name at the greenbus.kz site mimics the URL of an actual UD website. Don’t be fooled by this old trick!
  • Why are they notifying you at 3:55pm EDT about something that allegedly happened at “05:52 AM (MDT)”? Legitimate notices of unrecognized activity usually come out within minutes.
  • And why would a notice about something happening in Manassas, VA, come with a time stamp in Mountain time?
  • Why is someone at “d11.org” sending you email about what “help desk” reports? And remember, UD IT’s point of contact is called the IT Support Center.
  • The text sounds pretty convincing. But there are a few grammar and formatting mistakes in the note: a missing article, some non-standard capitalization, the phrase “at Here” [sic], etc.

If you received this message, just delete it.

If you receive an email about your UD account or any personal or confidential information, inspect the message carefully. If you have any doubt about the message’s authenticity, contact the alleged sender using published directory information, forward the email to reportaphish@udel.edu, contact your departmental IT staff, or contact the IT Support Center.

As always, Think B4 U Click!