Frequently Asked Questions

What is phishing and how do I avoid it?

Phishing is a cyber attack in which scammers send fake emails with intent to steal your personal information or get you to download malware. Common examples of phishing emails include unexpected “special offers,” notifications that your email account is reaching its quota or may be suspended, or classic scams like the Nigerian advance fee fraud.


    How do I avoid falling victim to phishing scams?

    Always verify that the sender is legitimate and that the links go to trustworthy domains. Look for mistakes in the information or wording of the email. If you have questions about the email’s content, contact the alleged sender through a separate channel. You can also check the Secure UD Threat Alerts blog to see if the email has been identified as a known scam. If you receive a phishing scam, just erase it.

    What is Spear Phishing?

    Spear Phishing is particularly dangerous. In a spear phishing attack, scammers use a company’s real logos, names, and terminology and may even spoof real email addresses in order to create convincing phishing emails to trick that company’s employees. For example, previous spear phishing attacks on the University community have used terms like “UDelNet” and logos like the interlocking UD in official-looking fake emails.


    What kinds of information are safe to share on social networking sites?

    When using social media, control your shared information and limit personal details. Attackers can exploit shared data for impersonation or authentication bypass. Remember, once posted, information can’t always be deleted, and personal photos may circulate widely. Adjust privacy settings, censor personal data, and consider disabling location services and photo tagging.

    What is two-factor authentication (2FA)?

    Two-factor authentication (2FA) enhances account security by requiring an additional authentication factor after the standard username and password. It prevents unauthorized access even if passwords are compromised. By entering a temporary security code or answering a security question, hackers are unable to log in without the second factor, ensuring stronger protection for your accounts.