Tuesday, January 11, 2011 - Almanac Vol. 57, No. 17
Tips to Help Defend Against Phishing
Recently we have seen a rise in phishing attacks and other scams intended to capture sensitive information and/or distribute malware. The University of Pennsylvania is seeing an increase in targeted phishing attacks.
As a reminder, "phishing" refers to fraudulent e-mails that appear to be legitimate messages from Penn or an outside institution. Phishing e-mails ask you for your username, password, credit card numbers, or other sensitive information, or direct you to a website, in hopes of capturing your credentials.
Below are some tips to help you identify these scams and avoid disclosing personal or private information:
- No organization at Penn will ever ask you for your username and password via e-mail. If you get an e-mail asking for this information, assume it is a scam and do not respond.
- Always check the "FROM" address of a message that solicits information or prompts you to log in, to see if it originated from a foreign or otherwise illogical address. For example, the latest round of Penn-directed phishing attacks came from a sender whose address ended in "@web.de" ("de" is the country code for Germany).
- Double-check the URL of any website you are told to click on in an e-mail message, especially if, once directed there, you are asked to log in. We recommend typing any URLs directly into your browser rather than clicking on links. On a related note, be suspicious of URLs that take you to locations that don't make sense (such as a website that claims to be associated with Penn, but ends in .com, .org, .net, etc.).
- The Office of Information Security attempts to catalogue Penn-specific phishing attempts at www.upenn.edu/computing/security/phish/. This list can help you quickly and confidently identify a scam.
- When in doubt, don't respond to the e-mail; instead, contact your Local Support Provider (LSP) for assistance.
If you believe you have mistakenly clicked on a link or otherwise disclosed private information in a phishing attack, immediately change your e-mail and PennKey passwords, contact your LSP, and notify Penn's Information Security office by e-mailing firstname.lastname@example.org.
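The FROM-address and URL checks from the tips above can also be automated, for example in a mail-triage script. The following is an added example, not part of the original article or of any Penn tool. The expected domain upenn.edu, the sample messages and the example.com link are constructed assumptions; the @web.de sender mirrors the address mentioned in the tips.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "upenn.edu"  # assumption: the domain genuine Penn mail and sites use
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"[\w-]+(?:\.[\w-]+)+")  # something that looks like a host name

def in_domain(host, domain=EXPECTED_DOMAIN):
    """True only for the domain itself or a real subdomain (suffix match on a dot)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def review_message(raw):
    """Return a list of warnings for one raw single-part HTML message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender):
        warnings.append(f"FROM domain {sender!r} is not under {EXPECTED_DOMAIN}")
    for href, text in LINK_RE.findall(body):
        host = urlsplit(href).hostname  # ignores any user@ part placed before the host
        if in_domain(host):
            continue
        warnings.append(f"link target {host!r} is not under {EXPECTED_DOMAIN}")
        shown = HOST_RE.search(text)
        if shown and in_domain(shown.group(0)):
            warnings.append(f"link text shows {shown.group(0)!r} but goes to {host!r}")
    if re.search(r"\b(user-?name|password|pennkey)\b", body, re.I):
        warnings.append("message mentions credentials; Penn never asks for them by e-mail")
    return warnings

# Constructed sample messages (not real mail).
PHISH = """From: "Penn Webmail Team" <helpdesk@web.de>
Subject: Mailbox quota exceeded
Content-Type: text/html

<p>Confirm your password here:
<a href="http://www.upenn.edu.account-verify.example.com/login">https://www.upenn.edu/webmail</a></p>
"""
CLEAN = """From: Notices <notices@upenn.edu>
Subject: Phishing catalogue
Content-Type: text/html

<p>See <a href="https://www.upenn.edu/computing/security/phish/">the phishing list</a>.</p>
"""
```

The suffix match in `in_domain` is what catches the lookalike host in the sample: it contains "upenn.edu" but does not end in it.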