Take a BITE out of phish
Graphic by Christian Derr April 14, 2017
Monthly UD phishing tests aim to educate, protect community
Phishing is an increasingly common and dangerous cyberattack perpetrated using email. Hackers and scammers, often pretending to represent familiar organizations like the IRS or a bank, send out emails that contain links to malicious sites or malware-infected attachments. Their intent is to trick unsuspecting people into surrendering their personal information or to take control of their devices.
Recently, phishing attacks were responsible for several high-profile computer incidents, including the email breaches affecting John Podesta, the Democratic National Committee and Colin Powell during the 2016 presidential election.
The University of Delaware is announcing the Secure UD "Take a BITE out of phish!" campaign to raise awareness about phishing attacks, their consequences and how to avoid becoming a victim.
Members of the University community can guard against phishing attacks by remembering BITE:
• Be aware of the threat
• Identify the warning signs
• Tell us about suspicious messages
• Erase phish from your inbox
The "Take a BITE out of phish!" campaign is an extension of the phishing tests the University conducted previously in June 2015 and February 2016. Going forward, the University will conduct simulated phishing attacks on a monthly basis to keep the community aware of the constant threat that phishing attacks pose.
“We all must play a part in protecting ourselves, our students and other community members, and our University from cyber criminals,” says Provost Domenico Grasso.
Executive Vice President Alan Brangman adds, “Each of us has a responsibility to keep this community safe, and that all starts with being aware of the threats.”
Here’s how it works
Each month, the campaign will present a randomly selected sample of employees with a harmless test phish that mimics the real attacks being launched against the University community.
Employees who receive suspicious emails should forward them to firstname.lastname@example.org (whether they think it’s part of the test or not).
If an individual falls for one of the test phish, they’ll see a message about the "Take a BITE out of phish!" campaign and some clues that could help them identify phishing emails in the future. The test is nonpunitive; employees will not be punished for falling for one of the simulated phish. However, everyone is strongly encouraged to treat all suspicious emails as potentially dangerous.
“We want to make sure that our community is equipped with everything they need to protect themselves, each other and our University,” said Jason Cash, interim vice president for Information Technologies. “The focus of these tests is to help raise awareness of phishing and empower employees to respond appropriately to suspicious emails.”
What if you see a suspicious email?
If you see a suspicious email, forward it to email@example.com.
You can also check the Secure UD Threat Alerts blog, which includes annotated copies of phishing scams and other cyberthreats affecting the University community. Test phish will be fully annotated and published through the “Take a BITE out of phish!” webpage at the end of each month’s campaign.
Employees who would like to learn more about the dangers of phishing and how to keep themselves, the community and the University safe can do so by completing the “Social Engineering” and “Email, Phishing, and Messaging” modules of Secure UD Training.
Unit heads who would like to arrange a phishing test for their unit may do so by contacting firstname.lastname@example.org.