Skip to main content

Reminder: How to Identify Phishing Attempts

May 02, 2014

Because phishing attempts have grown more and more sophisticated, it’s important to remain skeptical about unsolicited emails from addresses or people that you don’t recognize.  Here are some tips to help you identify a phishing attempt.

Because phishing attempts have grown more and more sophisticated, it’s important to remain skeptical about unsolicited emails from addresses or people that you don’t recognize.  Here are some tips to help you identify a phishing attempt:

 

 

Yesterday’s phishing attempt was particularly sophisticated because it wasn’t asking you to submit information, instead it wanted you to click a link to “verify” your email address.  However, there were some ways to tell this email wasn’t legitimate:

 

  • The email came from Penn.Online@upenn.edu, which is not affiliated with ITS.
  • If an email is sent to you directly and not to a list, ITS will identify you by name and not by email address.
  • ITS always signs their emails, so you should recognize who is sending it
  • The “Verify Email” link was pointing to “http://mail-exchange-upenn-edu.satfoundation.org/owa/auth/”, but all Penn websites will have a .edu address and not a .org address.

 

If you are unsure whether an email is legitimate, please don’t hesitate to give us a call or email itshelp@law.upenn.edu.