If you’re reading this, you may have spotted June’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive harmless test phish (like this one).
Our community was highly successful in identifying our first two test phish (from April and May), so we upped the ante this time. June’s test phish is harder to spot, but there are three things, highlighted below, that mark this message as a potentially dangerous email.
First, the email comes from “firstname.lastname@example.org.” Note that “secuirty” is a misspelling and that this is a generic, non-UD address. Although the email is signed “IT Security,” it doesn’t come from the University. In fact, it doesn’t claim to come from any recognizable organization, even though the body of the email references “our company.”
Hovering over the link reveals that it goes to the same suspicious “secuirty” domain.
You might have noticed that there aren’t any glaring spelling or grammatical errors in this email. Although these kinds of mistakes are often tell-tale signs of phishing attacks, not every phisher is so careless. Hackers and other cybercriminals are getting more careful and more sophisticated, and you can’t always rely on poor writing to be the warning sign. Always exercise caution; if you receive a suspicious request for your personal information or instructions to visit a suspicious site, or if you see a suspicious attachment, forward it to email@example.com.