If you’re reading this, you may have spotted May’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:
Let’s break down why this email is suspicious.
- Check for poor spelling, grammar, or punctuation. Many phishing emails contain mistakes that a professionally written message from your organization would not. In this case, there is a stray period after “497MB.” And as long as we’re in this sentence, why does it refer to our “company policy” when we are a university?
- Don’t feel pressured by the sense of urgency. Phishing attacks like this often urge you to do something immediately or else face the consequences. In this case, the email warns you that if you don’t act soon you might lose access to your account.
- Don’t click links within a suspicious e-mail. The visible text of a link can say one thing while the link itself points somewhere else entirely, such as a criminal or malicious website. When in doubt, hover your mouse over the link: most mail clients show the real destination URL in a tooltip or in the status bar. Look at the domain name in that URL, not just for familiar words, because attackers register lookalike names and put “udel” in front of a domain they control. On a phone or tablet you usually can’t hover, so be extra careful with links there. Better yet, don’t use the link at all: open a browser window and type the address of the site you already know yourself, so the email has no chance to redirect you.
- Don’t be blinded by official names. Some phishing attempts misuse names or contain made-up names. If you have doubts about whether an email was sent from a legitimate University of Delaware source, contact the alleged sender separately (e.g., by phone), using published directory information, to inquire about the message.
- Don’t rely on logos or branding alone. Just because an email uses official logos or branding does not mean that it is legitimate. Attackers commonly “scrape” images found online and drop them into phishing emails to make them look real. In this email, the header and footer are static PNG images; the links at the bottom aren’t even clickable! We’ve seen real phishing emails that use scraped UD branding in the past:
- This one from March uses similarly scraped header and footer like our test phish.
- Another from 2016 scraped an ancient UD seal from somewhere online.
- This one uses only part of a scraped UD banner as the header.
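The “hover over the link” check described above can also be done programmatically, which is how a mail-security team would triage a reported message. The script below is an added example written for this page, not code from the Secure UD campaign or UD IT. It parses an HTML email body, compares each link’s visible text with its real destination, and flags links that go somewhere other than where they appear to, use an internationalized (punycode, `xn--`) host name that could be a lookalike, or point outside the sender’s claimed domain. It assumes the message claims to come from udel.edu; the sample email and every host name in it are constructed to resemble the test phish and are not real.

```python
"""Programmatic version of the "hover over the link" check.

Added example; not part of the original post or the campaign's tooling.
Assumptions: the message claims to come from the University of Delaware,
so udel.edu is treated as the only expected destination; the sample
email and its host names are constructed, not real phish.
"""
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_SUFFIXES = ("udel.edu",)  # assumption: the sender's claimed domain

Finding = namedtuple("Finding", "href text kind detail")


def hostname_of(url):
    """Lowercase hostname of a URL, or None if it has no network part."""
    host = urlparse(url.strip()).hostname
    return host.lower() if host else None


def hostname_shown(text):
    """If the visible link text itself looks like a URL or bare domain,
    return the host a reader would believe the link leads to."""
    text = text.strip().rstrip(".,;:)")
    if not text or " " in text or "." not in text:
        return None
    return hostname_of(text if "://" in text else "http://" + text)


def same_site(a, b):
    """True if the two hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_trusted(host):
    return any(same_site(host, s) and host.endswith(s) for s in TRUSTED_SUFFIXES)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Return a Finding for every link that deserves suspicion."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = hostname_of(href)
        shown = hostname_shown(text)
        scheme = urlparse(href.strip()).scheme.lower()
        if scheme in ("javascript", "data"):
            findings.append(Finding(href, text, "script",
                                    f"{scheme}: link runs code instead of opening a page"))
        elif real is None:
            continue  # mailto:, tel:, relative links: nothing to compare
        elif shown and not same_site(shown, real):
            findings.append(Finding(href, text, "mismatch",
                                    f"text shows {shown} but the link goes to {real}"))
        elif "xn--" in real:
            findings.append(Finding(href, text, "idn",
                                    f"{real} is an internationalized name; may be a lookalike"))
        elif not is_trusted(real):
            findings.append(Finding(href, text, "external",
                                    f"{real} is not under {', '.join(TRUSTED_SUFFIXES)}"))
    return findings


# Constructed sample body resembling the test phish; hosts are invented.
SAMPLE_EMAIL = """
<p>Your mailbox has reached 497MB. of its 500MB quota. Per company
policy, accounts not verified within 24 hours will be suspended.</p>
<p><a href="http://mail-quota-verify.example.net/login">Click here to verify your account</a></p>
<p>Or visit <a href="http://udel.account-services.example.org/">www.udel.edu</a></p>
<p>Questions? <a href="mailto:reportaphish@udel.edu">reportaphish@udel.edu</a></p>
<p><a href="http://www.xn--udel-9ya.example/">Secure login portal</a></p>
<p><a href="https://www.udel.edu/">University of Delaware</a></p>
"""

if __name__ == "__main__":
    for f in check_links(SAMPLE_EMAIL):
        print(f"[{f.kind}] {f.text!r} -> {f.href}: {f.detail}")
```

Run against the sample, the script reports three links: the “verify your account” link as external, the link whose text reads www.udel.edu but which leads elsewhere as a mismatch, and the punycode host as a possible lookalike; the mailto: address and the genuine udel.edu link pass. The same check, applied by eye, is what hovering over a link gives you.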
What should you take from this discussion? Don’t assume an email is legitimate just because it has blue, gold, and UD somewhere on it — it could still be a phish.
Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or see a suspicious attachment, forward it to reportaphish@udel.edu.
And as always, Think B4 U Click!