If you’re reading this, you may have spotted August’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Annotated image of the August 2019 Secure UD phishing test.

Now let’s look at what makes this email suspicious:

 

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email. In this case, the email is sent from a “surveys@healthsend.net” which is not a recognizable survey company (such as Qualtrics or SurveyMonkey).
  2.  Double-check surveys with too good to be true prizes. Phishing attacks can often be disguised as a survey with enticing (but bogus) prizes to get recipients to click on the link. If the reward for clicking a survey link seems too good, take another look at the email because it might be a phish!
  3. Don’t click links within a suspicious e-mail. Take a few extra seconds to check the link by hovering your mouse over the link to see the full URL. For some mobile email clients, clicking and holding the link reveals the full URL as well.
  4. Don’t be pressured by a sense of urgency. Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, step away and take a moment to think it over. If you’re truly concerned, contact the company or sender separately to verify the email’s contents.