If you’re reading this, you may have spotted July’s second test phishing email! As always, you should forward this, or any other suspicious or questionable email, to reportaphish@udel.edu. Even if you click on a phishing link, always report the message. When it’s a UD challenge, we increase our reporting rate and gain greater understanding of our community’s awareness about phishing. When it’s a real phish, we can help reduce or prevent the consequences to you and the UD community.
This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:
Be extra cautious handling wire transfer requests. Also called “wire transfer fraud”, wire transfer phishing is a type of “social engineering attack” that uses impersonation to trick the victim into transferring money to the attacker. Requests for money from a company you’ve never dealt with are likely phishing scams. Always take steps to validate wire transfers before making payments. For example: keep careful and secure records of vendors’ bank details, verify payments over the phone where practical, and contact the payee directly where there are any concerns.
Let’s look at what makes this email suspicious:
1. Always examine the sender’s email address. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email.
2. Using your name or other information specific to you (like your supervisor or department name) does not mean an email is legitimate. Phishers will often use your name or other information in order to appear legitimate. Consider the necessity of posting publicly viewable personal or professional information online and know that your content can be, and sometimes is, archived.
3. Don’t be pressured by a sense of urgency. Cyber criminals may use threats or a false sense of urgency to trick you into acting without thinking. If an email threatens you with consequences for not doing something immediately, step away and take a moment to think it over. If you’re truly concerned, contact the company or sender separately to verify the email’s contents.
4. Review the signature and closing. Lack of details about the sender or how you can contact the sender strongly suggests a phish. Legitimate businesses will usually provide contact details. Scammers will often send an email that appears to come from a trusted source. Take a couple seconds to consider if this request and signature is something you recognize.
5. Don’t open or download attachments within a suspicious email. These attachments often contain malware that will infect your device; if you open them, you could be giving hackers access to your data or control of your device. This email appears to contain a link to an attachment called “udel-invoice-new.pdf”, but the “file” only serves as bait for the curious user.
Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to reportaphish@udel.edu.
And as always, Think B4 U Click!