Skip to main content

#252 Reminder: Protect Yourself Against Phishing Attacks

February 05, 2015

Email scams often appear to originate from a legitimate and reputable source. Please take care and notify ITS of any suspicious emails. Your security is always worth our time.

Educate and protect yourself against malicious phishing attacks. Phishing refers to fraudulent emails that appear to be legitimate messages from Penn or other institution. These emails attempt to trick users into providing personal and confidential information. Phishing emails typically ask for your username, password, credit card numbers, or other sensitive information. Review these helpful tips and resources to protect yourself against these deceptive messages.

  1. All Genuine Correspondence from ITS is Signed: Messages signed “the team” (or some other such generic term) should be considered suspicious.
  2. ITS Will Never Ask for Your Password: Fraudulent messages will often ask for your username and password in order to reset your account or to provide a service. Never provide your password to anyone, even if they appear trustworthy.
  3. Check the From Address: Check if the message soliciting information comes from a foreign or illogical address.
  4. Double-check Web Addresses Before Clicking: Phishing messages will typically present a fake address for you to click on. In Outlook, hover over a link to see where it will actually direct you before clicking. Do not click links that do not match the printed text. Only type your PennKey or LawKey on upenn.edu pages.
  5. Consult the Office of Information Security Phishing List: Known phishing attacks that masquerade as Penn services can be found at http://www.upenn.edu/computing/security/phish/.
  6. When in Doubt, Contact ITS: Forward the suspicious email to itshelp@law.upenn.edu to find out if it is legitimate.
If you believe you have clicked on a phishing link or submitted private information, immediately change your passwords. It is always best to use a different password for each service to minimize the impact of a compromised account. If it matches your PennKey password, change your PennKey password. And if it matches your LawKey password, change your LawKey password
 
Additional Resources are Available Below: