If you’re reading this, you may have spotted April’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Annotated version of the April Secure UD phishing test.

Let’s see what makes this email so questionable:

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to carefully examine the contents of the email message. This email comes from “sale@onlinestorepickup.com.” Does that sound like any company you know? If the email is truly coming from a legitimate company, the company’s name should be part of the sending address.
  2. Don’t be pressured by a sense of urgency. Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, step away and take a moment to think it over. If you’re truly concerned, contact the company or sender separately to verify the email’s contents.
  3. Don’t click links within a suspicious e-mail. Take a few extra seconds to check the link by hovering your mouse over the link to see the full URL. For some mobile email clients, clicking and holding the link reveals the full URL as well.
  4. Be extra careful around the holidays. During the holiday season, you will see an increase in phishing attempts, as hackers try to capitalize on the higher number of regular deals offered by legitimate companies. Many of these phishes will offer appealing deals, but if an email offers something too good to be true, it just might be. Just take a few extra seconds when faced with a deal offered around the holidays, it might be a phish. For example, take a look at the fake holiday deal we sent out last December!
  5. Watch out for broken links. Some hackers will use poor spelling and grammar in their phishing attempts, as well as broken links. These links are ones that will take you to an “Error 404” page.

Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or download a suspicious attachment, forward the message to reportaphish@udel.edu.

And as always, Think B4 You Click!