Do Not Provide Usernames and Passwords via Email
No legitimate organization (including ITS) will ever ask for your username and/or password to be submitted via email. If you receive an email asking for this information, please assume it is spam and do not respond. Here are some additional tips to help you identify phishing attempts:
- If the email contains links, you can check the links before clicking on them by hovering over them with your cursor. For more information, please see this ITS tip.
- Be skeptical of any email that emphasizes urgency (for example: “Click here now or your account will be deleted”)
- Check the FROM address to see if the message comes from an illogical address.
- Check the UPenn Phishing Archive to see if the message is a known phishing attempt.
If you are unsure whether or not an email request is legitimate, please do not hesitate to reach out to us over the phone or through firstname.lastname@example.org.