Heartbleed OpenSSL Vulnerability
Security and Privacy Tips for World Travelers
Filing Taxes Online This Year? Take Steps to Protect Your Information!
If your computer runs Windows XP, you must update it now!
Why Should You Report Security Incidents? And How Do You Report One?
Photo and Video Privacy Issues
The Password is Dead, Long Live the Password!
Data Privacy Month: NSA Surveillance Panel at the National Constitution Center
Protecting Your Finances During This Year’s Holiday Shopping Season
Beware of Phishing E-mails in the Wake of Typhoon Haiyan
No E-mail from Penn Will Ask For Your Username/Password or SSN
The Children's Online Privacy Protection Act: Does It Apply to Your Website?
October: National Cyber Security Awareness Month; Free Secure Disposal of Paper and Electronics
What Basic Rules Protect Student Information at Penn? (September 2013)
Protecting Privacy and Security on Penn + Box
Tagged with keyloggers , identity theft , phishing
Tuesday, January 13, 2009 - Almanac Vol. 55, No. 17
Avoid Phishing E-mails: Here How
Phishing e-mails are the perfect storm.
- They are sophisticated and easy to fall for. Recent examples include commonly received warnings, such as “Your Mailbox is Over its Size Limit”; messages that seem to come from your real friends, especially in the form of greetings cards; and messages about major news events.
- They are frequent. The AntiPhishing Workgroup reported that crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in the first quarter of 2008.
- And they are very dangerous. Some are dangerous because they ask for your personal information. Some are dangerous because a click on a link installs a keystroke logger that gets your personal information without needing to ask you for it. Either way, your risk of identity theft is significant.
How do you know what is a legitimate or illegitimate phishing attack?
- Get educated. One of the best sites we’ve seen for solid, beginner and advanced, quick and creative education is a site created by Carnegie Mellon University. Visit http://cups.cs.cmu.edu/antiphishing_phil/ or search the web for “anti-phishing phil” and follow the link to CMU’s website. You will be smarter about what to avoid and why.
- Double check lists of known scams. There are several good and reliable sources for checking on whether a message is legitimate or not. Check out http://www.snopes.com.
- Ask a Penn Resource. You may always ask Penn’s Office of Information Security or your local support provider for advice when you are unsure of whether an e-mail is a scam.