If you’re reading this, you may have spotted January’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive a harmless test phish (like this one).

What makes this email so phishy? Let’s break it down:

  1. Check the sender. If the “from” address is unfamiliar or not recognizable, take a few extra moments to carefully examine the contents of the email message.
  2. Don’t believe names and logos alone. Cybercriminals may include real names, logos, and other information in their emails to more convincingly impersonate an individual or group that you trust. Just because an email contains a name or logo doesn’t mean that it’s trustworthy. In this case, the email address wants you to think it’s from Netflix (ntflxstream.com) and uses colors and images similar to both Netflix and YouTube.
  3. Don’t let them scare you. Cybercriminals may use threats or a false sense of urgency to trick you into acting without thinking. This email threatens to suspend your streaming account if you don’t hand over your billing and payment information – that’s phishy.
  4. Don’t click links within a suspicious email. Hyperlinks that appear legitimate can be a disguised link to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website) or better yet, open a browser window and manually type in the hyperlink yourself to prevent being redirected.

Coincidentally, there’s a current Netflix phishing scam live on the internet right now. Our post about the scam and a sophos.com article linked from our post go through how tricky this phishing scam is. This month’s Secure UD test emulated some of the tricks and “typos” scammers use to make readers see “Netflix,” even if that word is not actually there. The real scam used similar tricks, including using a subscripted Greek letter chi (χ) instead of a lowercase x.
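As an added illustration (not part of the original post or any University tool), the Python below turns three of the tells described above into mechanical checks: a look-alike sender domain such as ntflxstream.com, a brand name that only reads as “Netflix” once a Greek chi is folded back to x, and a hyperlink whose visible text names a different host than its real target. It assumes netflix.com is the only genuine domain and uses a small constructed confusables map rather than the full Unicode table.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Constructed, deliberately small confusables map (not the full Unicode table):
# each look-alike character is folded to the ASCII letter a reader perceives.
CONFUSABLES = {
    "\u03c7": "x",  # Greek small letter chi, passed off as the x in "Netflix"
    "\u1d6a": "x",  # Latin subscript small letter chi, the subscripted variant
    "\u0445": "x",  # Cyrillic small letter ha
}
OFFICIAL = ("netflix.com",)  # assumption: the only domain treated as genuine here

def skeleton(text):
    """Lower-case, NFKC-normalise, then fold confusables so look-alikes compare as ASCII."""
    return "".join(CONFUSABLES.get(c, c) for c in unicodedata.normalize("NFKC", text.lower()))

def check_brand(text, brand="netflix"):
    """Flag text that spells the brand only after look-alike letters are folded."""
    if brand in skeleton(text) and brand not in text.lower():
        return "homoglyph: %r reads as %r but is not spelled that way" % (text, brand)
    return None

def check_sender_domain(domain, brand="netflix"):
    """Flag a sender domain that evokes the brand (even with vowels dropped) but is not official."""
    d = skeleton(domain)
    if d in OFFICIAL or any(d.endswith("." + o) for o in OFFICIAL):
        return None
    if brand in d or re.sub(r"[aeiou]", "", brand) in d:
        return "look-alike domain: %r evokes %r" % (domain, brand)
    return None

def check_link(display_text, href):
    """Flag a hyperlink whose visible text names a different host than its real target."""
    target = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", display_text.lower())
    if shown:
        shown_host = re.sub(r"^www\.", "", shown.group(1))
        if shown_host != target and not target.endswith("." + shown_host):
            return "link mismatch: text shows %r but points to %r" % (shown_host, target)
    return None

def scan_message(sender_domain, subject, links):
    """Run all three checks over one message and return the list of findings."""
    findings = [check_sender_domain(sender_domain), check_brand(subject)]
    findings += [check_link(text, href) for text, href in links]
    return [f for f in findings if f]

# Constructed sample modelled on the test phish described in the post.
SAMPLE = ("ntflxstream.com", "Your Netfli\u03c7 account will be suspended",
          [("https://www.netflix.com/billing", "https://ntflxstream.com/verify")])
```

Running `scan_message(*SAMPLE)` returns three findings, one per tell; a mail with a genuine netflix.com sender, a plainly spelled brand, and matching link text returns an empty list.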

Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or see a suspicious attachment, forward it to reportaphish@udel.edu.

And always, Think B4 You Click!