If you’re reading this, you may have spotted October’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:
Let’s examine what makes this email so suspicious:
- Don’t let them scare you. Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, step away and take a moment to think it over. If you’re truly concerned, call or speak to someone from the company in person for clarification.
- Check the links. Always verify that link addresses are spelled correctly, and hover your mouse over a link to check its true destination. Beware of shortened links like “http://bit.ly,” “http://goog.le,” and “http://tinyurl.com.”
- Check the sender. If the “from” address doesn’t match the alleged sender of the email, or if it doesn’t make sense in the context of the email, things should start looking phishy.
- Don’t open suspicious attachments. Some phishing emails try to get you to open an attached file. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device.
Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to reportaphish@udel.edu.
And as always, Think B4 U Click!