Did you spot September’s #SecureUD #phishing test?

If you’re reading this, you may have spotted September’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. As part of the campaign, random samples of employees will receive a harmless test phish (like this one):

 

Let’s break down this email and see why it’s so phishy:

1. Check the sender. If the “from” address is unfamiliar or not recognizable, take a few extra moments to carefully examine the contents of the email message.
2. Using your name does not equal legitimacy. Phishers will often use your name in order to appear legitimate.
3. Don’t click links within a suspicious e-mail. Hyperlinks that appear legitimate can be a disguised link to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website). Or better yet, open a browser window and manually type in the hyperlink yourself to prevent it being re-directed. To inspect a link when using a mobile device, you must tap and hold the link to see the actual URL.
4. Review the signature and closing. Lack of details about the sender or how you can contact the sender strongly suggests a phish. Legitimate businesses will always provide contact details. Scammers will often send an email that appears to come from a trusted source. Don’t be blinded by official names or logos. Take a couple seconds to consider if this request and signature is something you recognize. In this type of cyberattack, scammers send an email that appears to come from a trusted source (e.g., a University official such as a president, dean, chairperson, or other position)

Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to reportaphish@udel.edu.

And as always, Think B4 U Click!