If you’re reading this, you may have spotted August’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive harmless test phish (like this one).
Let’s break down what makes this email so phishy:
- Check the sender. If the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, something may be phishy.
- Don’t open suspicious attachments. Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. If you get an unexpected or suspicious attachment in an email, something may be phishy.
- Check the links. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Beware of shortened links like http://bit.ly, http://goog.le, and http://tinyurl.com. If an email links to a suspicious website, something may be phishy.
- Don’t believe names and logos alone. Cyber criminals may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo you recognize doesn’t mean that it’s trustworthy. If an email misuses logos or names, or contains made-up names, something may be phishy.
Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious site, or see a suspicious attachment, forward it to firstname.lastname@example.org.
Help Secure UD – “Take a BITE out of phish!”
Be aware of the threat.
Identify the warning signs.
Tell us about suspicious messages.
Erase phish from your inbox.
and always, Think B4 You Click!