If you’re reading this, you may have spotted December’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:
Let’s look at what makes this email untrustworthy:
- Check the sender. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email. In this case, the email is sent from a generic “email@example.com” address and not a recognizable company.
- Be extra careful around the holidays. During the holiday season, you will see an increase in phishing attempts, as hackers try to capitalize on the higher number of regular deals offered by legitimate companies. Many of these phishes will offer appealing deals, but if an email offers something too good to be true, it just might be. Just take a few extra seconds when faced with a deal offered around the holidays, it might be a phish. For example, take a look at the fake delivery notification we sent out in September or last month’s fake deal!
- Check the branding. Is this a brand or logo that you recognize? This email has generic branding and no visible logo. Some hackers can create official-looking logos or branding that could trick you into thinking the email comes from a legitimate source.
- Don’t click links within a suspicious e-mail. Links in a suspicious email may take you to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website).
Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to firstname.lastname@example.org.
And as always, Think B4 U Click!