Because 2,000 members of the UD community received a May 15 phishing scam, UD IT reminds everyone of their shared role in Internet safety.

Internet safety: Phishing

Recent phishing email scam lands in 2,000 UD inboxes


3:54 p.m., May 18, 2015--Hackers targeted about 2,000 members of the University of Delaware community by sending a phishing message to their UD email inboxes on Friday, May 15, according to UD Information Technologies (IT).

The message claimed that an individual’s email account had exceeded its “storage limit” and that the account would be deleted unless the user clicked the provided link. The phish included UD’s logo and appeared to come from a legitimate UD email address, but the link led to a malicious page that attempted to steal personal information.

FYI Stories

June 6: UDid It! Picnic

All UD faculty and staff members are invited to attend the annual UDid It! employee appreciation picnic, set from 11 a.m.-1:30 p.m., Monday, June 6, on The Green.

2FA protects you

If you are using two-factor authentication (2FA), even if a hacker has your password, your information is probably safe.

Personal information stolen in a phishing scam is often used for financial fraud, but sometimes it is used to steal a computing account so the hacker can use the stolen account to launch other attacks. Therefore, one person’s false move could affect others on the Internet.

In light of this attack, faculty, staff and students are reminded to keep a vigilant watch for phishing attempts in both their UD and personal email inboxes.

Phishing messages often use scare tactics that trick victims into clicking a link without thinking. Doing so can lead to a malicious website, the download of malware or the surrender of personal information. In general, if an email seems “too good to be true,” do not open it.

Because UD is a large organization, it has become the target of spear phishing attempts in which hackers use UD-specific terminology, logos, names and department names to trick users into believing they are reading legitimate email messages.

UD IT reminds the University community:

  • Always verify information contained in an email message before clicking a link or downloading a file. For example, the May 15 phishing attempt made a claim about email storage that was easy to refute. UD Google Apps for Education accounts do not have storage quotas, and UD Exchange account quotas are visible from within Outlook or Outlook Web Access (OWA).
  • UD will never ask for any password or any other sensitive information through email.
  • Official UD email messages will not contain numerous typos or grammatical errors. If an email claiming to be an official message does not sound like it was written by a fluent English speaker, it’s probably a phishing attempt.
  • Official UD email messages usually come from email addresses. If an email claims to be from UD but does not come from a email address, verify the content before clicking links in or taking any action upon the message.
  • Official UD email messages will usually address you by name. If an email uses vague addresses like “Dear customer” or “Webmail user,” it’s probably a phishing attempt.
  • Before clicking, always inspect links in an email message by hovering your mouse over the link. Does it lead to a legitimate address?

For further information, IT encourages the UD community to review these resources:

Report suspicious email messages to your departmental IT staff or to the IT Support Center.

“Remember, you are a target. Information security is everyone’s responsibility. Always think before you click,” a UD IT representative said.

Article by Christopher Johnson

Graphic by Christopher Johnson, with some elements from Wikimedia Commons

News Media Contact

University of Delaware
Communications and Public Affairs

UDaily is produced by
Communications and Public Affairs

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792