Did you spot February’s Secure UD Phishing test?

If you’re reading this, you may have spotted February’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive a harmless test phish (like this one):

Let’s dissect this email and see why it’s so phishy:

1. Check the sender. If the “from” address is unfamiliar or not recognizable, take a few extra moments to carefully examine the contents of the email message.
2. Check for poor spelling and grammar. Scam emails often contain typos and other errors — which is a big red flag that it probably did not come from a legitimate source. In this email, “Microsoft” is misspelled as “Microsft”.
3. Don’t click links within a suspicious e-mail. Hyperlinks that appear legitimate can be a disguised link to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website). Or better yet, open a browser window and manually type in the hyperlink yourself to prevent it being re-directed.
4. Review the signature and closing. Lack of details about the sender or how you can contact the sender strongly suggests a phish. Legitimate businesses will always provide contact details.
5. Rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Microsoft did not remotely detect a virus on your PC. You can’t schedule a team meeting if you don’t know who you’re meeting with. Know the warning signs, think before you click, and never, ever give out your password or financial info.

Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or see a suspicious attachment, forward it to reportaphish@udel.edu.

And always, Think B4 You Click!