Below is a sample of a cleverly crafted email intended to trick you into giving your username and password:
The Sender of the message says its University of Louisiana at Lafayette, but look closer at the actual "From" address: "firstname.lastname@example.org". That doesn't look right! You're first clue to REPORT IT and DELETE IT!
Look at the Content and included URL of the email. When you hover your mouse over the hyperlink titled "Cick Here to Upgrade". It reveals a what looks like a louisiana.edu address. But look closer:
The first part of the URL, the part just after the "http://", starts with something other than louisiana.edu. The part after the first slash (/), does say louisiana.edu. Confusing, isn't it?
If UL Lafayette provides a link in an email or any other form of electronic communication, the URL will always BEGIN with louisiana.edu. An example is our online password change utility: https://www.ucs.louisiana.edu/cgi-bin/change_pass.pl. Notice the part immediately after the https: has louisiana.edu BEFORE the first slash (/). If a hyperlink in an electronic communication provides a link to something other than louisiana.edu, it is most likely a phishing attempt. REPORT IT and DELETE IT!
This particular example is very dangerous. It has the UL Lafayette logo, which is not displayed correctly. It also contains official wording from UL Lafayette. It also appears to have a lousiaina.edu address in the provided URL, along with references to webmail and Zimbra. But if you use SCUD, Sender Content URL Delete, you'll pick up on the two clues that give it away as a phishing attempt. The Sender's address is not @louisiana.edu, and the URL sends you to a non louisiana.edu site.
REPORT IT and DELETE IT!