Spear phishing for iTuna. I mean, iTunes…

Some 91% of cyber attacks begin with a spear phishing email.* Phishing attacks have been on the rise at UD—keep reading to learn more about how to identify and protect yourself against these attacks.

What is spear phishing?

In this type of cyberattack, scammers send an email that appears to come from a trusted source (for example, a University official such as a president, dean, chairperson, or other position) in an attempt to commit fraud by persuading you to purchase gift cards, initiate payments or wire transfers, or divulge sensitive information. Spear phishing differs from generic phishing in that it’s more targeted, often including familiar names, organizations, or logos to create a convincing lure.

What they look like:

These messages usually begin with a simple “are you there?” to provoke correspondence. If an unsuspecting employee replies, the scammers will urge them to purchase iTunes or other gift cards and send the codes in an email reply.

What we’ve seen:

Over the last several months, UD has seen persistent spear phishing attacks impersonating executive and senior leadership at UD—including deans and department chairs. Often, these messages will look like they are coming from people you know and may work with.

Most often, these attacks are sent from commercial email accounts that appear to be named for the individuals being impersonated (e.g. assanis@gmail.com).
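The pattern above, an outside mailbox named for a University leader, can be checked mechanically on the From header. This Python sketch is an added example, not UD's own tooling: the roster in `PROTECTED`, the `check_sender` and `flagged` helpers, and the sample headers are all constructed for illustration.

```python
import re
from email.utils import parseaddr

HOME_DOMAIN = "udel.edu"   # the institution's mail domain
PROTECTED = {              # display name -> official local part (constructed roster)
    "Pat Example": "pexample",
    "Jordan Sample": "jsample",
}

def _norm(text):
    """Lower-case and keep letters only, so 'Pat  EXAMPLE, Ph.D.' becomes 'patexamplephd'."""
    return re.sub(r"[^a-z]", "", text.lower())

def check_sender(from_header):
    """Return a reason string if the From header looks like impersonation, else None."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain == HOME_DOMAIN or domain.endswith("." + HOME_DOMAIN):
        return None  # internal address; forged internal mail is a job for SPF/DKIM/DMARC
    name_key, local_key = _norm(display), _norm(local)
    for name, official_local in PROTECTED.items():
        parts = name.split()
        first, last = _norm(parts[0]), _norm(parts[-1])
        # Case 1: the display name carries a protected person's first and last name.
        if name_key and first in name_key and last in name_key:
            return f"display name matches '{name}' but address is @{domain}"
        # Case 2: the outside mailbox itself is named after the person.
        if local_key and (official_local in local_key
                          or (first in local_key and last in local_key)):
            return f"mailbox '{local}' resembles '{name}' but is @{domain}"
    return None

# Constructed sample From headers.
SAMPLES = [
    '"Pat Example" <pat.example.office@gmail.com>',   # outside mailbox, leader's name
    'pexample@gmail.com',                             # official username on a commercial domain
    '"Pat Example" <pat@notudel.edu>',                # look-alike domain, not a subdomain
    '"Pat Example" <pexample@udel.edu>',              # genuine internal address
    '"Alex Vendor" <alex@vendor.example>',            # unrelated outside sender
]

def flagged(headers):
    """Return only the headers that check_sender() flags, with their reasons."""
    return {h: r for h in headers if (r := check_sender(h))}

if __name__ == "__main__":
    for header, reason in flagged(SAMPLES).items():
        print(f"FLAG {header}: {reason}")
```

The name matching is a substring heuristic, so a hit is a prompt to tag or hold the message for review, not proof of fraud.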

What you can do:

  1. If you see a phishing attempt, DO NOT RESPOND.
  2. Forward any phishing emails to reportaphish@udel.edu. Our community’s vigilant reporting helps us respond faster and more effectively to new attacks.
  3. Let your colleagues know that you’ll use your official UDel email account for University-related activities.

What actions have been taken:

IT has been working with senior leadership and individuals across campus to respond to attacks and proactively educate the community. Interested persons should use this form letter to address concerns of spear phishing attacks within their departments.

*According to research from security software firm Trend Micro.