If you’re reading this, you may have spotted February’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:
Let’s look at what makes this email suspicious:
- Check the sender. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email.
- Using your name does not mean an email is legitimate. Phishers will often use your name in order to appear legitimate.
- Don’t click links within a suspicious e-mail. Hyperlinks that appear legitimate can be a disguised link to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website). Or better yet, open a browser window and manually type in the hyperlink yourself to prevent it being re-directed. To inspect a link when using most mobile devices, you can tap and hold the link to inspect the actual URL.
- Don’t be blinded by official names or logos. Many criminals will use “scraped” logos and branding from a company or university’s website in order to make their emails appear official.
- Check the contact information. Who’s this email really from? In this case, the email is signed from Ann Grallistin. Have you heard of this person? If the name seems unfamiliar, a good way to separately verify the sender’s identity is to look the name up in the UD Directory to see if the individual is employed at UD or even contact the alleged sender directly through a more verifiable method like a phone call.
Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to reportaphish@udel.edu.
And as always, Think B4 U Click!