If you’re reading this, you may have spotted January’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Let’s look at what makes this email suspicious:

  1. Check the sender. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email. In this case, the email is sent from “mws@workcentrelife.com”, an address that does not belong to a real organization.
  2. Using your name does not mean an email is legitimate. Phishers will often use your real name to try to trick you into believing an email is legitimate.
  3. Don’t open or download attachments within a suspicious email. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. This email appears to contain a link to an attachment called “grant_review.pdfx”, but the “file” only serves as bait for the curious user.
  4. Check for poor spelling and grammar. Scam emails often contain typos and other errors — which is a big red flag that it probably did not come from a legitimate source. In this email, the closing is duplicated with “Best regards” and “Thank You”.
  5. Verify the source. Lack of details about the sender or how you can contact the sender strongly suggests a phish. Legitimate businesses will almost always provide contact details. Scammers will often send an email that appears to come from a trusted source. Take a couple of seconds to consider whether this request and signature are something you recognize. In this email, “the Higher Education Grant Centre (U.S)” and “Higher Education Grant Team” are fictitious.
  6. Don’t click links within a suspicious email. Hyperlinks that appear legitimate can be disguised links to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website). Or better yet, open a browser window and manually type in the hyperlink yourself to avoid being redirected. To inspect a link when using most mobile devices, you can tap and hold the link to inspect the actual URL.

Always exercise caution; if you receive a suspicious request for your personal information, or instructions to visit a suspicious website or download a suspicious attachment, forward it to reportaphish@udel.edu.

And as always, Think B4 U Click!