If you’re reading this, you may have spotted June’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

June's test phish. Did you spot it?

Let’s see what makes this email untrustworthy.

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to carefully examine the contents of the email message. This email comes from “jlymia@workportal.email.” Does that sound like anyone you work with or know?
  2. Don’t click links within a suspicious email. A link in an email can be disguised so that it leads to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink; you should see the full URL, which will help to show whether it leads to a legitimate website.
  3. Don’t feel pressured by the sense of urgency. Phishing attacks like this one urge you to reply immediately or else face the consequences. In this case, the email wants you to reply with updates to a document “right away.”
  4. Don’t rely on logos or branding alone. Many criminals will use “scraped” logos and branding from a company or university’s website in order to make their emails appear official. For example, this email actually uses the official UD signature! While some of the branding in this email is legit, there are other factors you should consider when determining whether an email is a phish.
  5. Check the contact information. Who’s this email really from? In this case, the email is signed by a “Joan Lymia,” a fictitious employee. Don’t stop at the name though! The job title of “Assistant Director” might seem realistic, but it is a vague attempt to trick you into thinking that you just might know Joan. No department name or phone number is given, so you can’t separately verify the sender’s identity. The best way to do so would be to check the UD Directory, where you would see that the given email address is invalid.

Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or a prompt to download a suspicious attachment, forward the message to reportaphish@udel.edu.

And as always, Think B4 You Click!