If you’re reading this, you may have spotted November’s phishing test email! As always, you should forward this, or any other suspicious or questionable email, to reportaphish@udel.edu. Even if you click on a phishing link, always report the message. When it’s a UD challenge, we increase our reporting rate and gain greater understanding of our community’s awareness about phishing. When it’s a real phish, we can help reduce or prevent the consequences to you and the UD community.

This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

SecureUD November phishing test

Let’s look at what makes this email suspicious:

1. Always examine the sender’s email address. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email.

2. Be aware of “are you there?” phishes. In recent months, UD has seen an increase in targeted phishing attacks that usually start with a simple introduction like “Are you there?” or “Are you available?” Read our article about these particular kinds of phishes: https://sites.udel.edu/threat/2019/02/26/campus-targeted-by-gift-card-fraud/

3. Don’t click links within a suspicious e-mail. Hyperlinks that appear legitimate can be a disguised link to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website). Or better yet, open a browser window and manually type in the hyperlink yourself to prevent it being re-directed. To inspect a link when using a mobile device, you can tap and hold the link to see the actual URL.

4. Be extra cautious handling requests for any type of payment. Ask yourself if the contents of the email make sense. In this email, there is a vague mention of a “favor” and a request for gift cards, and it is signed from “Brian.” Take a couple seconds to think if this request and signature is something you recognize. In this type of cyberattack, scammers send an email that appears to come from a familiar source in an attempt to commit fraud by persuading you to purchase gift cards, initiate payments or wire transfers, or divulge sensitive information.

For more information, visit: https://www.consumer.ftc.gov/articles/gift-card-scams

Always exercise caution; if you receive a suspicious request for your personal information, instructions to visit a suspicious website, or download a suspicious attachment, forward it to reportaphish@udel.edu.

And as always, Think B4 U Click!