A suspicious email with a link to a fake CAS login page was reported by several colleagues today. The email was purportedly sent from a generic “account@udel.edu” email account with the subject line “Payroll Notification.” Please review the original email with annotations below:

1. Generic sender: If the “from” address is unfamiliar, take a few moments to examine the contents of the email. In this case, the email was sent from “account@udel.edu”, an erroneous UD address.

2. Watch for spelling errors: In this instance, Delaware is misspelled. The University of “Delware” does not exist, which indicates this email is not from an official sender.

3. Be aware of generic greetings: If the sender is requesting information from you, they will likely personalize the message greeting. “Dear Staff Member” should raise a red flag.

4. Identify links: Be wary of clicking links embedded within emails. Before you click, identify the intended destination. In this example, the link does not direct you to a secure UD site.

Always take a close look at the destination page – please review the malicious website with annotations below:

5. Inspect the website URL: Analyze URLs carefully to identify suspicious websites. Here, “shantoshrenuyadev.com” is not affiliated with UD. Use this information as a resource and leave the site.

6. Grammatical Errors: Notice the misspelling of “PPassword” – always avoid submitting any sensitive information to dubious websites.


Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or a request to download a suspicious attachment, forward it to reportaphish@udel.edu.

And as always, Think B4 U Click!