ITS Online

#9 Protect Yourself Against Phishing Attacks

December 24, 2010

Educate and protect yourself against malicious phishing attacks. Phishing refers to fraudulent emails that appear to be legitimate messages from Penn or other institution. These emails attempt to trick users into providing personal and confidential information. Phishing emails typically ask for your username, password, credit card numbers, or other sensitive information. Review these helpful tips and resources to protect yourself against these deceptive messages.

  1. All Genuine Correspondence from ITS is Signed: Messages signed “the team” (or some other such generic term) should be considered suspicious.
  2. ITS Will Never Ask for Your Password: Fraudulent messages will often ask for your username and password in order to reset your account or to provide a service. Never provide your password to anyone, even if they appear trustworthy.
  3. Check the From Address: Check if the message soliciting information comes from a foreign or illogical address.
  4. Double-check Web Addresses Before Clicking: Phishing messages will typically present a fake address for you to click on. In Outlook, hover over a link to see where it will actually direct you before clicking. Do not click links that do not match the printed text. Only type your PennKey or LawKey on pages.
  5. Consult the Office of Information Security Phishing List: Known phishing attacks that masquerade as Penn services can be found at
  6. When in Doubt, Contact ITS: Forward the suspicious email to to find out if it is legitimate.
If you believe you have clicked on a phishing link or submitted private information, immediately change your passwords. It is always best to use a different password for each service to minimize the impact of a compromised account. If it matches your PennKey password, change your PennKey password. And if it matches your LawKey password, change your LawKey password
Additional Resources are Available Below:

Latest News

  • The Center for Computer Assisted Legal Instruction, also known as CALI, provides online interactive tutorials on various legal subjects.  Tutorials are authored by law faculty and peer reviewed by a member of the CALI Editorial Board.  Here is information on how to create an account and access the materials.
  • With so many digital tools that require passwords, it’s difficult to create memorable passwords that are both unique and hard to guess. Use LastPass to get control of your passwords for National Cyber Security Awareness Month!