If you’re reading this, you may have spotted September’s phishing test email! As always, you should forward this, or any other suspicious or questionable email, to reportaphish@udel.edu. Even if you click on a phishing link, always report the message. When it’s a UD challenge, we increase our reporting rate and gain greater understanding of our community’s awareness about phishing. When it’s a real phish, we can help reduce or prevent the consequences to you and the UD community.

This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

1. Always examine the sender’s email address. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email.

2. Using your name or other information specific to you (like your supervisor or department name) does not mean an email is legitimate. Phishers will often use your name or additional information to appear legitimate. Consider the necessity of posting publicly viewable personal or professional information online and know that your content can be, and sometimes is, archived.

3. Don’t click links within a suspicious email. Hyperlinks that appear legitimate can be disguised links to a criminal or malicious website. When in doubt, hover your mouse over the hyperlink’s text (you should see the full URL, which will help show whether it leads to a legitimate website). Or better yet, open a browser window and manually type the URL yourself to prevent it from being redirected. To inspect a link when using a mobile device, you can tap and hold the link to see the actual URL.

4. Don’t be blinded by official names or logos. Sophisticated cybercriminals will often use images and branding from a company or university’s website to make their emails appear official.

A typical Google phishing attack is delivered through a message or link that asks the recipient (usually a friend, colleague, or family of the compromised victim) to open a file that had been shared using Google Drive. When recipients click on a link to access the file, they are redirected to a landing page that invites them to sign in using their email username and password details. The scammers then capture these details to access the accounts.

For more information, visit: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams