Phishing

THERE IS NO “upenn Team”, “EDU Webmail Team”, etc. at Penn DO NOT RESPOND TO ANY REQUESTS FOR YOUR ACCOUNT INFORMATION VIA E-MAIL, TELEPHONE OR ANY OTHER MEDIA.

If you ever have any questions please contact your LSP. There are no stupid questions!
Educate yourself. Please review the following phishing resources at your leisure.

Known phishing attacks that masquerade as Penn services can be found at http://www.upenn.edu/computing/security/phish/

Educause Article

Authors:

You may not realize it, but you are a phishing target at school, at work, and at home. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing e-mail messages, texts, or social media posts, look for the following indicators to prevent stolen passwords, personal data, or private information.

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks.
  • Avoid opening links and attachments. Even if you know the sender, don’t click on links that could direct you to a bad website. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender’s e-mail address to make sure it’s legitimate. If in doubt, just delete the message.

Tips

  • #Phishing attacks: the first and best line of defense is a good offense. Report phishy communications to your IT department/LSP.
  • Remember that reputable institutions will never e-mail you to confirm details of your account. #Phishing
  • Typos or other mistakes may indicate the e-mail in question is a #Phishing attack.
  • Never give out information over the phone if you did not initiate the call. #Phishing
  • Never e-mail confidential information to anyone. #Phishing
  • Be wary of links e-mailed or texted from unknown or unverified senders. Type the URL in your browser. #Phishing

Resources

Share these resources with end users or use them to inform your awareness strategy.


The article above is brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).