Reminder: How to Identify Phishing Attempts
Because phishing attempts have grown more and more sophisticated, it’s important to remain skeptical about unsolicited emails from addresses or people that you don’t recognize. Here are some tips to help you identify a phishing attempt:
- ITS and schools and centers affiliated with the University will never collect your username, password, or personal information via email.
- Check where links are trying to take you by hovering over links before clicking.
- Check whether an email has already been confirmed as a phishing attempt by checking this list.
Yesterday’s phishing attempt was particularly sophisticated because it wasn’t asking you to submit information, instead it wanted you to click a link to “verify” your email address. However, there were some ways to tell this email wasn’t legitimate:
- The email came from Penn.Online@upenn.edu, which is not affiliated with ITS.
- If an email is sent to you directly and not to a list, ITS will identify you by name and not by email address.
- ITS always signs their emails, so you should recognize who is sending it.
- The “Verify Email” link was pointing to “http://mail-exchange-upenn-edu.satfoundation.org/owa/auth/”, but all Penn websites will have a .edu address and not a .org address.
If you are unsure whether an email is legitimate, please don’t hesitate to give us a call or email firstname.lastname@example.org.