Educate and protect yourself against malicious phishing attacks. Phishing refers to fraudulent emails that appear to be legitimate messages from Penn or other institution. These emails attempt to trick users into providing personal and confidential information. Phishing emails typically ask for your username, password, credit card numbers, or other sensitive information. Review these helpful tips and resources to protect yourself against these deceptive messages.
- All Genuine Correspondence from ITS is Signed: Messages signed “the team” (or some other such generic term) should be considered suspicious.
- ITS Will Never Ask for Your Password: Fraudulent messages will often ask for your username and password in order to reset your account or to provide a service. Never provide your password to anyone, even if they appear trustworthy.
- Check the From Address: Check if the message soliciting information comes from a foreign or illogical address.
- Double-check Web Addresses Before Clicking: Phishing messages will typically present a fake address for you to click on. In Outlook, hover over a link to see where it will actually direct you before clicking. Do not click links that do not match the printed text. Only type your PennKey or LawKey on upenn.edu pages.
- Consult the Office of Information Security Phishing List: Known phishing attacks that masquerade as Penn services can be found at http://www.upenn.edu/computing/security/phish/.
- When in Doubt, Contact ITS: Forward the suspicious email to firstname.lastname@example.org to find out if it is legitimate.