If you’re reading this, you may have spotted July’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Annotated image of the July 2019 Secure UD phishing test.

Now let’s look at what makes this email untrustworthy:

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email. In this case, the email is sent from an “@onlinestorepickup.com” address, not from any recognizable shipping company.
  2. Check the branding. Is this a brand or logo that you recognize? This email has extremely generic branding that does not connect the email to any recognizable company. Some hackers can create official-looking logos or branding that could trick you into thinking the email comes from a legitimate source.
  3. Verify the source. Use a separate method, like a search engine, to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
  4. Look out for grammar and spelling errors. Scam emails often contain typos and other errors, which are red flags indicating that the email probably didn’t come from a legitimate source. For example, the word “from” is missing from this sentence.
  5. Don’t click links within a suspicious email. Take a few extra seconds to check the link by hovering your mouse over it to see the full URL. In some mobile email clients, clicking and holding the link reveals the full URL as well.

Always exercise caution. If you receive a suspicious request for your payment information, or instructions to visit a suspicious website or download a suspicious attachment, forward the message to reportaphish@udel.edu.

And as always, Think B4 You Click!