If you’re reading this, you may have spotted March’s phishing test email! As always, you should forward this, or any other suspicious or questionable email, to reportaphish@udel.edu. Even if you click on a phishing link, always report the message. When it’s a UD challenge, we increase our reporting rate and gain greater understanding of our community’s awareness about phishing. When it’s a real phish, we can help reduce or prevent the consequences to you and the UD community.

This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

1. Always examine the sender’s email address. If the “from” address is unfamiliar, take a few extra moments to examine the contents of the email.

2. Don’t be blinded by official names or logos. Sophisticated cybercriminals will often use images and branding from a company or university’s website to make their emails appear official.

3. Don’t click links within a suspicious email. Hyperlinks that appear legitimate can be disguised links to a criminal or malicious website. When in doubt, hover your mouse over the hyperlink’s text (you should see the full URL, which will help show whether it leads to a legitimate website). Or better yet, open a browser window and manually type the URL yourself to prevent it from being redirected. To inspect a link when using a mobile device, you can tap and hold the link to see the actual URL.

A typical Google phishing attack is delivered through a message or link that asks the recipient (usually a friend, colleague, or family of the compromised victim) to open a file that had been shared using Google Drive. When recipients click on a link to access the file, they are redirected to a landing page that invites them to sign in using their email username and password details. The scammers then capture these details to access the accounts.

For more information, visit: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams