Some bright-eyed colleagues of ours spotted this phish in their inboxes before 7:00 a.m. this morning:

VPN related phishing scam.

Grammar and language issues, some of which are highlighted in red, a sender at another university, and a “Login” link that goes to a link mark this as a phishing attempt!

Even though this phish uses a pretty good facsimile of UD branding, the grammar and language issues and the sender from another university should let you identify it as a phish. And what about the policy gibberish at the end of the message? And did you inspect the “Login” link? And how can you contact someone to verify the contents of this message?

This spear phish aimed at UD is dangerous because of the branding, the use of “UDEL”, the use of the name of the actual VPN software UD uses, and the sense of urgency it tries to communicate to the reader. But if you are careful and take a moment to hover your mouse over the link — hey, that’s not a link! — and to read the text, it’s pretty obvious that this is a phishing scam designed to collect your login information for some nefarious purpose.

As always,

Think B4 U Click!