Multiple people have reported seeing a dangerously well-crafted phishing message that tries to lure University of Delaware faculty, staff, and students to log in to a fake UD page and “reactivate” their UD Library account. This email is a scam. Do not click the link if you see a message like the one shown below.
Savvy email readers know the signs that this message is a scam:
- The email tries to create a false sense of urgency (“You must take action at once!”) then includes a request to visit a website and provide your account information. That should be a red alert right there.
- If you inspect the apparent udel.edu link, you’d find that if you clicked the link you would be taken to
cas.nss.udel.edu.lib2.xyz/reactivation/login.html
The URL begins with UD specific sounding things (cas, nss, udel, edu, lib2), but the link really goes to a site in the “lib2.xyz.”
- “library” is not capitalized in the email’s signature block.
- UD has no office named “ITS Project Services.”
- Some copies of this note included this advertisement after the signature block:
No office at the University of Delaware appends advertisements for web hosting companies to their emails. - University of Delaware faculty, staff, and students all have UD Library privileges while they are employed by or enrolled at the University. Their accounts do not “expire.”
If you don’t pay attention, this scammer’s inclusion of some correct UD terminology and his attention to detail might trick you into falling for this dangerous spear phishing attack. The scammer used
- A spoofed from address (library@udel.edu)
- Mostly correct grammar, formatting, and spelling
- That apparent link to a udel.edu site
- The IT Support Center’s correct phone number in the email’s signature block
- A real-looking email address in the email’s signature block.
Even though the scammer has worked hard to fool you, you can identify a well-crafted scam like this one if you take a moment to
Think B4 U Click!