If you’re reading this, you may have spotted July’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:



Now let’s look at what makes this email untrustworthy:


  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email. In this case, the email is sent from “luke.johnson46@gmaiil.live,” so you should ask yourself if this is an address you recognize. Remember to remain extra vigilant about checking email addresses and links as you continue to work from home.
  2. Verify the source. Scammers will often send an email that appears to come from a trusted source. Use a separate method, like a separate search engine, to verify that the source is legitimate.
  3. Don’t download files or attachments. Suspicious emails often contain files and attachments that appear to be trustworthy and safe, but are not.
  4. Using your name does not equal legitimacy. Phishers may use your name in order to appear legitimate. In doing so, they are hoping you will comply and provide the information they seek.
  5. Don’t click links. Links in a suspicious email may take you to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website).
  6. Don’t be blinded by official names/logos. Many criminals will use “scraped” logos and branding from a company or university’s website in order to make their emails appear official. For example, this email mentions Google Docs, a widely used and trusted source.

Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to reportaphish@udel.edu.

And as always, Think B4 U Click!