If you’re reading this, you may have spotted July’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:
Let’s look at why this email is suspicious:
- Look out for missing details. Lack of personal details within the email, such as your name, is suspicious. If you registered for this conference, they should, at the very least, have your name associated with your email address.
- Check the branding. Is this a brand or logo that you recognize? This email is from a “Personal Cyber Security seminar” that does not exist, and uses a stock photo of an office building for the banner. Some hackers can create official-looking logos or branding that could trick you into thinking the email comes from a legitimate source.
- Don’t feel pressured by the sense of urgency. Phishing attacks like this one urge you to reply immediately or else face consequences. In this case, the email wants you to confirm your registration to the seminar or risk losing your seat.
- Don’t click links within a suspicious e-mail. Links in a suspicious email may take you to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website).
- Check the contact information. Who’s this email really from? In this case, the email is signed from a “Lacey Praido,” a fictitious person. Don’t stop at the name though! The job title of “Assistant Coordinator” might seem realistic, but it is a vague attempt to trick you into thinking that Lacey might have a reason for emailing you. No phone number is given, so you can’t separately verify the sender’s identity. Also, “O’Gore Hall” sounds remarkably similar to UD’s own “Gore Hall,” but does not actually exist!
Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or download a suspicious attachment, forward the message to reportaphish@udel.edu.
And as always, Think B4 You Click!