If you’re reading this, you may have spotted April’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:
Let’s see what’s so suspicious about this email:
- Don’t trust logos alone. Even if an email has a legitimate looking logo, it can still be a scam. This logo, for instance, is a spoof of the official TurboTax logo, except it’s misspelled and looks a bit different. Don’t be blinded by the use of official logos or brand names in a suspicious email.
- Check for poor spelling and grammar. Scam emails often contain typos and other errors — a big red flag that the email probably did not come from a legitimate source. In this email, “receive” is misspelled as “recieve,” and the sender used “this” instead of “the” when referring to reviewing the requirements.
- Don’t feel pressured by the sense of urgency. Scammy emails like this often urge you to do something immediately or else face the consequences. In this case, the email wants you to “confirm your personal account information (which a reputable company would never ask you to do) immediately!!” Note the use of two exclamation marks — no company would ever include that in an email, no matter how urgent the situation!
- Don’t be fooled by direct salutations. Just because an email includes your first and last name doesn’t mean it came from a trusted source. Scammers have tools that can quickly and easily populate phishing emails with full names in order to trick unsuspecting victims into clicking on a link or handing over personal information.
Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or see a suspicious attachment, forward it to reportaphish@udel.edu.
And always, Think B4 You Click!