ks6+Pf&Ô,YnRi$M^~HH  JoE-ǹy&qbw/o~?޼ C1A1uw 92b$C i456ǂ:'rjyO$JZ&aًKlnD#ƹvfvIو',v=%$TNcdgEV5iWtg\8&О1r@Җ y>e3F\  C#B(jW/#8yDG802ê[[fTF o^ӆ[XO0)D䔜J=%$+9õ@h;loj[{f:Z4*gN:®!$Cʴ>6RhM X_Oyާί9ϩ4wGD3щfљEԀTW)e4e\֠Ә}*ӓX[1%v"*DD7k.Ml MLKݷIrǮ,JpP^1bxmGˁF9%n{?Z?86;3zeS֪M<3jB Mp`L%dNw^3 ddZP^<%E`ָ N# Zf\gnM3[KJ_'Ut=QpF gh+cjT:s!7ԞԚUY u+>nU{Z `|`27 uqI"ru"Mqv=C9cX;hc-Pffq P]=8" YS\1*)k>՝_}0t$^YZ1lq#l07N"n5+a8i^& "hUM zVCA+>qOZx,VsW4E IFrD`,POSJ#Xz+6h4om̅Ři8 5(A`jh7?9hDzCCPVA81@Fqk$麮5Gff^t:^BЊº(ƃs^"X`37MZ 3<2!nc *6GLkW,sC{Y2`: R10S"ӸSmXm!u5u=7 1@1}RS :޺CL惇?܄U?hnŀ\`E,Vwǵ>h?>3º_]B|NWyiZsw@EUPQM~]8.\:K̍pXl` ~ 47,HJ- .qe3- #4[Is0FW9jY2#̺PlQG A0@;9l7 KBBN@n?+,56f?+"w^ټoPK$w!8CoL'1^f$оn67ءUasb !eܘ쥫3}sZn`ChЪ6:*YR)uߔy2:&f&9+*uJHjƓ}XNjL8_ȘRu@cޑ7/^*~q 8l,=*֞߻ß~"pw>(A?ݣaFLK*?Ow 1$mj $jl׏V~`"WqlUfa_y5O]κ.ƾqg1F3r{ iٞ0OaU fZOsKU٧ 5QK4cb ffTtirrk%6Lss}wߕ)vHlN1f3<6"bSyr͜p"e:MFLL3yC15Z9,vo[q)mԨS ,xd4YR,ݫmF>;S]&apV+2KHq&y6]y @eQ9J?:;b}3ĭY!g\OTeCO*%qA2d#dp 5w|˷ĞUbI(L]{.Rɏ7'G7O>׼FjSvON`R$H'/z[H9 ,oFcSc>f,ɬ{ah/rnh?n4O==l>i*=$c'rR~HաjU0 єz \ܩ &@@q!?O5/G3(\۝UiZ|Wm^ި5P[< +yc"=C'\:E.|`*Mz1´h&b ̛\ 1/13/09, One Step Ahead - Almanac, Vol. 55, No. 17
Print This Issue

One Step Ahead
January 13, 2009, Volume 55, No. 17

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Avoid Phishing E-mails this Season

Here’s How: For Beginners and Advanced - Phishing e-mails are the perfect storm.

They are sophisticated and easy to fall for. Recent examples include commonly received warnings, such as “Your Mailbox is Over its Size Limit,” messages that seem to come from your real friends, especially in the form of greetings cards, and messages about major news events.

They are frequent. The AntiPhishing Workgroup reported that crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in the first quarter of 2008. 

And they are very dangerous. Some are dangerous because they ask for your personal information. Some are dangerous because a click on a link installs a keystroke logger that gets your personal information without needing to ask you for it. Either way, your risk of identity theft is significant. 

How do you know what is a legitimate or illegitimate phishing attack?

1. Get educated. One of the best sites we’ve seen for solid, beginner and advanced, quick and creative education is a site created by Carnegie Mellon University. Visit http://cups.cs.cmu.edu/antiphishing_phil/ or search the web for “anti-phishing phil” and follow the link to CMU’s website. You will be smarter about what to avoid and why.

2. Double check lists of known scams. There are several good and reliable sources for checking on whether a message is legitimate or not. Check out www.snopes.com. 

3. Ask a Penn Resource. You may always ask Penn’s Office of Information Security or your local support provider for advice when you are unsure of whether an e-mail is a scam.


To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - January 13, 2009, Volume 55, No. 17