|One Step Ahead: Security and Privacy Made Simple
December 21, 2010,
Volume 57, No. 16
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
When sending an announcement via e-mail, it can be difficult to make sure recipients will recognize it as a legitimate communication from your office, and not as a forgery, scam, or phishing attempt. Here are some steps you can take to make sure recipients recognize your e-mail message as legitimate:
• Provide contact information (other than an e-mail address) that recipients can use to verify legitimacy, e.g., sender’s name as it appears in the Online Directory and campus phone number.
• Don’t send any sensitive information, e.g. passwords, in e-mail. Such information should be communicated using other, more secure channels.
• Include only Penn (upenn.edu) e-mail addresses and web sites in the e-mail.
• Whenever possible, avoid sending a website link at all, particularly if you need the recipient to go to the site to log in or provide personal information. Instead, recommend that they visit your site X (by using a bookmark or your known website address) and click on the link for Y.
For more information, contact ISC Information Security (firstname.lastname@example.org). For technical assistance, contact your Local Support Provider.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/