You've clicked on a suspicious email link and put your device at risk of compromise. Fortunately, this was only a test. Please take 5 minutes and read this page so you can protect yourself against real attacks in the future.

Phishing emails entice you with attractive offers, or scare you with threats of loss, to trick you into visiting a malicious site and, often, handing over sensitive information. Had the email you received been an actual phish, clicking the link could have infected your computer or device with a "drive-by download"—malicious software programs that are installed silently and attempt to steal your passwords, personal information, or even lock you out of your device.

If you suspect you've received a phishing email, forward it to postmaster@utexas.edu and notify your local IT staff. Never click on any links contained in the message, or reply to the sender.

Let’s learn how you can detect phishing attacks like these so you don’t get caught by a real attack in the future.

This email may have piqued your curiosity, especially because it bears a strong resemblance to order confirmation emails sent by a certain large online retailer. But, several clues should lead you to think twice about the legitimacy of this email: its sender address, its unexpected nature, its misspellings, and its suspicious hyperlinks. Let's look at the specifics:

Phishing message displayed on a desktop computer
  1. The sender has set his display name to "Order Confirmation" but the sender's actual address shows its real origin: service@biezacefaktury.pl. This domain name is clearly not associated with UT Austin—or any recognizable online retailer—and should immediately raise doubts.
  2. Think about it: have you ordered anything recently using your UT Austin email address? If not, why are you receiving an order confirmation? This email doesn't even specify the retailer with which you placed the supposed order. In fact, it contains no identifying information about the business, at all. Would any legitimate business fail to mention its own name?
  3. The body of this message contains misspellings, like "procsesed" and "Estimate Deliver Date". It's unlikely that a professionally drafted message from a legitimate business would be written so carelessly.
  4. Hover over this hyperlink before clicking, and you'll see that it points to biezacefaktury.pl, an unknown website that is clearly not affiliated with any retailer with which you've done business. In fact, that website address means "current invoices" in Polish.

This email may have piqued your curiosity, especially because it bears a strong resemblance to order confirmation emails sent by a certain large online retailer. But, several clues should lead you to think twice about the legitimacy of this email: its sender address, its unexpected nature, its misspellings, and its suspicious hyperlinks. Let's look at the specifics:

Phishing message displayed on a mobile device
  1. The sender has set his display name to "Order Confirmation" but the sender's actual address shows its real origin: service@biezacefaktury.pl. This domain name is clearly not associated with UT Austin—or any recognizable online retailer—and should immediately raise doubts. Note that, on mobile devices, you may need to tap the "Details" button to see the sender's actual email address.
  2. Think about it: have you ordered anything recently using your UT Austin email address? If not, why are you receiving an order confirmation? This email doesn't even specify the retailer with which you placed the supposed order. In fact, it contains no identifying information about the business, at all. Would any legitimate business fail to mention its own name?
  3. The body of this message contains misspellings, like "procsesed" and "Estimate Deliver Date". It's unlikely that a professionally drafted message from a legitimate business would be written so carelessly.
  4. Long-press (tap and hold for 1-2 seconds) on this hyperlink instead of tapping, and you'll see that it points to biezacefaktury.pl, an unknown website that is clearly not affiliated with any retailer with which you've done business. In fact, that website address means "current invoices" in Polish.

These clues should cast doubt on the legitimacy of the email. Always check with your technical support contacts, the UT Service Desk, or the Information Security Office before clicking links in suspicious emails, or providing information to suspicious websites.

Back to top