#9 Protect Yourself Against Phishing Attacks

December 24, 2010

Educate and protect yourself against malicious phishing attacks. Phishing refers to fraudulent emails that appear to be legitimate messages from Penn or other institution. These emails attempt to trick users into providing personal and confidential information. Phishing emails typically ask for your username, password, credit card numbers, or other sensitive information. Review these helpful tips and resources to protect yourself against these deceptive messages.

  1. All Genuine Correspondence from ITS is Signed: Messages signed “the team” (or some other such generic term) should be considered suspicious.
  2. ITS Will Never Ask for Your Password: Fraudulent messages will often ask for your username and password in order to reset your account or to provide a service. Never provide your password to anyone, even if they appear trustworthy.
  3. Check the From Address: Check if the message soliciting information comes from a foreign or illogical address.
  4. Double-check Web Addresses Before Clicking: Phishing messages will typically present a fake address for you to click on. In Outlook, hover over a link to see where it will actually direct you before clicking. Do not click links that do not match the printed text. Only type your PennKey or LawKey on upenn.edu pages.
  5. Consult the Office of Information Security Phishing List: Known phishing attacks that masquerade as Penn services can be found at http://www.upenn.edu/computing/security/phish/.
  6. When in Doubt, Contact ITS: Forward the suspicious email to itshelp@law.upenn.edu to find out if it is legitimate.
If you believe you have clicked on a phishing link or submitted private information, immediately change your passwords. It is always best to use a different password for each service to minimize the impact of a compromised account. If it matches your PennKey password, change your PennKey password. And if it matches your LawKey password, change your LawKey password
Additional Resources are Available Below:

Latest News

  • All Penn students are required to use Two-Step Verification to login to PennKey protected resources.
  • This year a new Special print account is being added for all Penn Law students. This account is to be used when printing for approved group and programs. All other printing remains the same, please read on for more details.