If you’re reading this, you may have spotted June’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

[Image: Annotated image of the June Secure UD phishing test.]

Let’s look at what makes this message fishy:

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to carefully examine the contents of the email message. This email comes from “tools@housedepot.club.” Does that sound like any company you know? If the email is truly coming from a legitimate company, the company’s name should be part of the sending address.
  2. Don’t be blinded by official names or logos. Many criminals will use “scraped” logos and branding from a company or university’s website in order to make their emails appear official. For example, this email attempts to imitate a popular hardware retailer with an email address ending in “@housedepot.club.” This is one of the many factors you should consider when determining whether an email is a phish. No legitimate entity will ever ask you to confirm personal information over email.
  3. Be extra careful around the holidays. During any holiday season, you will see an increase in phishing attempts, as hackers try to capitalize on the higher number of regular deals offered by legitimate companies. Many of these phishes will offer appealing deals, but if an email offers something too good to be true, it just might be. Take a few extra seconds when faced with a deal offered around the holidays; it might be a phish. For example, take a look at the fake holiday deal we sent out last April!
  4. Don’t click links within a suspicious email. Take a few extra seconds to check the link by hovering your mouse over it to see the full URL. For some mobile email clients, clicking and holding the link reveals the full URL as well.
  5. Don’t be pressured by a sense of urgency. Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, step away and take a moment to think it over. If you’re truly concerned, contact the company or sender separately to verify the email’s contents.
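
An added example (not part of the original Secure UD post) that automates checks 1 and 4 above: it flags a sender domain outside a known list and any link whose visible text names a different host than the one it actually opens. The sample message, the `retailer.example` domain and the allowlist are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_SENDER_DOMAINS = {"retailer.example"}  # assumption: placeholder allowlist
# Constructed sample modelled on the test phish described above.
SAMPLE = """\
From: House Depot Deals <tools@housedepot.club>
Content-Type: text/html; charset="utf-8"

<a href="http://coupons.housedepot.club/claim">https://www.retailer.example/deals</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL; '' when the text is not URL-like."""
    if " " in url or "." not in url:
        return ""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def review(raw):
    """Findings for the sender check (item 1) and the link check (item 4)."""
    msg, findings, parser = message_from_string(raw), [], LinkCollector()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not any(domain == k or domain.endswith("." + k) for k in KNOWN_SENDER_DOMAINS):
        findings.append(f"unfamiliar sender domain: {domain}")
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        shown, target = host_of(text), host_of(href)
        if shown and shown != target:  # what the reader sees vs. where it goes
            findings.append(f"link text shows {shown} but goes to {target}")
    return findings
```

Links whose visible text is plain wording such as "Click here" are not flagged by the second check, so it complements hovering over the link rather than replacing it.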

Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or instructions to download a suspicious attachment, forward the message to reportaphish@udel.edu.

And as always, Think B4 You Click!