Dangerous UD-branded phish
March 09, 2018
Phishing email scams are still a top information security threat
On Friday, March 9, several University of Delaware faculty and staff reported receiving a phishing scam that stole elements of UD’s official branding.
UD Information Technologies has posted information about this UD-branded phish to the Secure UD Threat Alerts blog.
Phishing, email in which criminals try to trick people into revealing personal or account information, is one of the most common ways that people’s identities are stolen or that an organization’s systems and networks are compromised. In fact, Forbes reported in 2017 that phishing scams cost U.S. businesses about $500M annually.
The danger is so great because criminals have become adept at stealing official-looking graphics and writing urgent-sounding notifications. Therefore, University faculty, staff, students, alumni and retirees should educate themselves to protect their confidential information, University information entrusted to their care and University systems.
The elements of a phish
Phishing email is often sent from an address that the recipient will not recognize. For example, the phish seen today appeared to come from another university.
Look out for email that claims there’s an urgent problem that can be fixed by just “clicking here.”
Be wary of email that does not include information about verifying the contents of the message.
Allegedly official emails that contain a lot of grammar, punctuation and language errors should raise concerns.
Think before clicking a link in email. Inspect links before clicking them. Do they go to a trustworthy site? If a University department sends emails that use non-udel.edu links, that department should include a verification statement in those emails.
More information is available at the Secure UD website.
What you can do
If you see a suspicious email, report it right away by forwarding it to email@example.com or your departmental IT staff.
The University’s educational Secure UD “Take a BITE out of phish!” campaign empowers the University community to protect itself. The campaign uses simulated phishing attacks to challenge employees to become more aware of the threats they face.
Check the Secure UD Threat Alerts blog regularly for information about phishing scams and other cyberthreats. So far this year, UD IT has posted information about phishing scams targeting UD, Apple customers, taxpayers, fans of the Olympics, Netflix customers and FedEx customers.