If you’re reading this, you may have spotted July’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive harmless test phish (like this one).
Let’s dissect this email and see what makes it so phishy:
- Check the sender. If the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, things should start looking phishy.
- Don’t let them scare you. Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, step away and take a moment to think it over. If you’re truly concerned, call or speak to someone from the company in person for clarification.
- Check the links. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Beware of shortened links like http://bit.ly, http://goog.le, and http://tinyurl.com.
- Don’t open suspicious attachments. Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device.
Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious site, or see a suspicious attachment, forward it to firstname.lastname@example.org.
Help Secure UD – “Take a BITE out of phish!”
Be aware of the threat.
Identify the warning signs.
Tell us about suspicious messages.
Erase phish from your inbox.
and always, Think B4 You Click!