|One Step Ahead
January 13, 2009, Volume 55, No. 17
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Avoid Phishing E-mails this Season
Here’s How: For Beginners and Advanced
- Phishing e-mails are the perfect storm.
• They are sophisticated and easy to fall for. Recent examples include commonly received warnings, such as “Your Mailbox is Over its Size Limit,” messages that seem to come from your real friends, especially in the form of greetings cards, and messages about major news events.
• They are frequent. The AntiPhishing Workgroup reported that crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in the first quarter of 2008.
• And they are very dangerous. Some are dangerous because they ask for your personal information. Some are dangerous because a click on a link installs a keystroke logger that gets your personal information without needing to ask you for it. Either way, your risk of identity theft is significant.
How do you know what is a legitimate or illegitimate phishing attack?
1. Get educated. One of the best sites we’ve seen for solid, beginner and advanced, quick and creative education is a site created by Carnegie Mellon University. Visit http://cups.cs.cmu.edu/antiphishing_phil/ or search the web for “anti-phishing phil” and follow the link to CMU’s website. You will be smarter about what to avoid and why.
2. Double check lists of known scams. There are several good and reliable sources for checking on whether a message is legitimate or not. Check out www.snopes.com.
3. Ask a Penn Resource. You may always ask Penn’s Office of Information Security or your local support provider for advice when you are unsure of whether an e-mail is a scam.
To receive weekly OneStepAhead tips via email, send email to email@example.com with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.