This time, we have a pretty simple spear phish. It’s just an email that claims to come from the University (note that it doesn’t specify a department, office, or chairperson) notifying you that you have a new message. Exactly what kind of message is left to the user’s imagination. Unless you clicked on the link, in which case you know it’s malware.
If we look closely at the message, we see that it doesn’t actually come from a UD address. It comes to us from emory.edu instead. The email’s opening doesn’t address a specific person by name (if the University sends you a personalized notification, it will have your name on it). Also, the body text is also awkward and improperly capitalized.
The phisher has gotten clever with the link, though. Knowing that people may be checking URLs for “udel,” this scammer has given us a link that ends in “udel.php.” The problem is that the link still points to a non-UDel domain. Remember that the domain is in the very first part of the URL; in this case, we have “autoplanlaplata.com” instead of “udel.edu.”
Some people on campus have already been tricked by this email. Remember to watch out for the tell-tale signs of phishing scams, and never click suspicious links.