If you’re reading this, you may have spotted October’s phishing test email! As always, you should forward this, or any other suspicious or questionable email, to reportaphish@udel.edu. Even if you click on a phishing link, always report the message. When it’s a UD challenge, we increase our reporting rate and gain greater understanding of our community’s awareness about phishing. When it’s a real phish, we can help reduce or prevent the consequences to you and the UD community.

This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Let’s look at what makes this email suspicious:

  1. Always examine the sender’s email address. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email. In this email, the sending domain is spoofing a popular cloud storage solution. An email domain is the web address that comes after the @ symbol in an email address (ex: businessdropbox.com).
  2. Be extra cautious handling tutoring or mentoring requests from people you’ve never dealt with before. A “check overpayment scam,” also called a “fake check scam,” starts with a person who wants to hire you short-term for a service you offer, such as a personal assistant, babysitting, or tutoring. They want to pay you in advance and typically send you a check that is more than what was agreed. The scammer tells you to deposit the check in your own bank account, and when it clears, they will “trust” you to send them (or someone else) the excess. They may ask you to wire the money directly, or send bitcoin, or send a prepaid Visa card. Your bank makes the funds available to you after a couple of days and you think it is safe to send the excess. However, it will take up to 2 weeks for your bank to hear back from the other bank that the check is fake. By that time, you have already sent the scammer several hundred dollars of your own money.
  3. Don’t click links within a suspicious email. A hyperlink that appears legitimate can be a disguised link to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink; you should see the full URL, which will help to show whether it leads to a legitimate website. Or better yet, open a browser window and manually type in the address yourself so that you are not redirected. To inspect a link when using a mobile device, you can tap and hold the link to see the actual URL.

For more information, visit: https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-fake-check-scams

Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or a prompt to download a suspicious attachment, forward it to reportaphish@udel.edu.

And as always, Think B4 U Click!