If you’re reading this, you may have spotted December’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Annotated version of the December Secure UD phishing test.

Here’s what makes this email fishy:

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email. In this case, the email is sent from an “orders@housedepot.club” and not any recognizable business email.
  2. Don’t be blinded by official names or logos. Many criminals will use “scraped” logos and branding from a company or university’s website in order to make their emails appear official. For example, this email attempts to imitate a popular hardware retailer with the email address ending with “@housedepot.club.” This is one of the many factors you should consider when determining whether an email is a phish.
  3. Using your name does not equal legitimacy. Phishers may use your name in order to appear legitimate. In doing so, they are hoping you will comply and provide the information they seek.
  4. Don’t click links within a suspicious e-mail. Links in a suspicious email may take you to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website).
  5. Be extra careful around the holidays. During any holiday season, you will see an increase in phishing attempts, as hackers try to capitalize on the higher number of regular deals offered by legitimate companies. Many of these phishes will offer appealing deals, but if an email offers something too good to be true, it just might be. Just take a few extra seconds when faced with a deal offered around the holidays, it might be a phish. For example, take a look at the fake holiday deal we sent out in June!

Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to reportaphish@udel.edu.

And as always, Think B4 U Click!