Beware of Phishing E-mails in the Wake of Typhoon Haiyan
No E-mail from Penn Will Ask For Your Username/Password or SSN
The Children's Online Privacy Protection Act: Does It Apply to Your Website?
October: National Cyber Security Awareness Month; Free Secure Disposal of Paper and Electronics
What Basic Rules Protect Student Information at Penn? (September 2013)
Protecting Privacy and Security on Penn + Box
Security Starts With You
New Regulatory Changes: Do They Apply to Your Area?
Protecting Yourself from Rogue AntiVirus Warning Scams
Security and Privacy Tips for World Travelers
Handling Documents and Data of Faculty and Staff Who Have Left Penn
Spring Cleaning Your Office? Know What to Do with E-Waste
Keep Your Identity Safe When Filing Taxes This Year
Why use Penn+Box when Storing Data in the Cloud
Mobile Device Security - 3 Recommendations for Cloud Users (Hint: That's You!)
Tagged with keyloggers , identity theft , phishing
Tuesday, January 13, 2009 - Almanac Vol. 55, No. 17
Avoid Phishing E-mails: Here How
Phishing e-mails are the perfect storm.
- They are sophisticated and easy to fall for. Recent examples include commonly received warnings, such as “Your Mailbox is Over its Size Limit”; messages that seem to come from your real friends, especially in the form of greetings cards; and messages about major news events.
- They are frequent. The AntiPhishing Workgroup reported that crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in the first quarter of 2008.
- And they are very dangerous. Some are dangerous because they ask for your personal information. Some are dangerous because a click on a link installs a keystroke logger that gets your personal information without needing to ask you for it. Either way, your risk of identity theft is significant.
How do you know what is a legitimate or illegitimate phishing attack?
- Get educated. One of the best sites we’ve seen for solid, beginner and advanced, quick and creative education is a site created by Carnegie Mellon University. Visit http://cups.cs.cmu.edu/antiphishing_phil/ or search the web for “anti-phishing phil” and follow the link to CMU’s website. You will be smarter about what to avoid and why.
- Double check lists of known scams. There are several good and reliable sources for checking on whether a message is legitimate or not. Check out http://www.snopes.com.
- Ask a Penn Resource. You may always ask Penn’s Office of Information Security or your local support provider for advice when you are unsure of whether an e-mail is a scam.