Cybercriminals use images in phishing emails to impersonate real organizations. By using images like official logos (i.e., UT, UPS, FedEx, etc.) and promotional materials, cybercriminals hope to trick you into thinking the email is legitimate. 

In one recent incident, cybercriminals spoofed Delta Airlines to try to steal sensitive information. The body of the email consists of one large image. The image includes Delta’s logo, a photograph of one of their planes, and an image of a gift card. The email has a message promising a gift card if you act fast and click the image. After clicking the image, you’ll be redirected to a malicious website with a login page. If you enter your login credentials, cybercriminals will have access to your sensitive information.

This type of attack could also depict a UT site like the Central Authentication System (CAS) login page, prompting you to enter your NETID and password. The tip that it’s fake would be the URL in the address bar.

Follow the tips below to spot similar scams:

• Before you click a link, always hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the email.
• If an offer sounds too good to be true, it probably is. Verify any offers of discounts or promotions by contacting the organization directly.
• Remember that this type of attack isn’t exclusive to Delta Airlines. Cybercriminals could use this technique to exploit any company in any country.