If you’re reading this, you may have spotted September’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive harmless test phish (like this one).

So, let’s see what’s so phishy about this email:

  1. Check the sender. If the “from” address is unfamiliar or not recognizable, take a few extra moments to carefully examine the contents of the email message.
  2. Be suspicious. Always be wary about unsolicited email messages requesting financial payments or other information about staff, faculty, or students. This should be a major red flag – especially if you do not recognize the sender of the email.
  3. Pay attention to URL links. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
  4. Do not open suspicious attachments. Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. This email already provides a link to the “invoice”, the attached file only serves as bait for the curious user.

Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or see a suspicious attachment, forward it to reportaphish@udel.edu. 

And always, Think B4 You Click!