If you’re reading this, you may have spotted February’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Annotated version of the phishing email

Let’s look at what makes this email suspicious:

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to carefully examine the contents of the email message. This email comes from “udel-it@workportal.email.” Does that sound like anyone you work with or know? If the email is truly coming from the University, the address should end with “@udel.edu.”
  2. Don’t be blinded by official names or logos. Many criminals will use “scraped” logos and branding from a company or university’s website in order to make their emails appear official. For example, this email actually uses scraped UD branding! While some of the branding in this email is legit, there are other factors you should consider when determining whether an email is a phish. No legitimate entity will ever ask you to confirm this information over email.
  3. Don’t be pressured by a sense of urgency. Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, step away and take a moment to think it over. If you’re truly concerned, contact the company or sender separately to verify the email’s contents.
  4. Don’t click links within a suspicious email. This email threatens loss of access if you do not click its link, hoping that you will click without thinking in order to avoid that consequence. Instead, take a few extra seconds to check the link by hovering your mouse over it to see the full URL. For some mobile email clients, clicking and holding the link reveals the full URL as well.
  5. Check the contact information. Who’s this email really from? In this case, the email is signed only as the “UDEL Office of Information Technology.” Compare this email with others you might have received from UD IT and see if the signatures match.

Always exercise caution; if you receive a suspicious request for your payment information, or instructions to visit a suspicious website or download a suspicious attachment, forward the message to reportaphish@udel.edu.

And as always, Think B4 You Click!