ks6+Pf&Ô,YnRi$M^~HH  JoE-ǹy&qbw/o~?޼ C1A1uw 92b$C i456ǂ:'rjyO$JZ&aًKlnD#ƹvfvIو',v=%$TNcdgEV5iWtg\8&О1r@Җ y>e3F\  C#B(jW/#8yDG802ê[[fTF o^ӆ[XO0)D䔜J=%$+9õ@h;loj[{f:Z4*gN:®!$Cʴ>6RhM X_Oyާί9ϩ4wGD3щfљEԀTW)e4e\֠Ә}*ӓX[1%v"*DD7k.Ml MLKݷIrǮ,JpP^1bxmGˁF9%n{?Z?86;3zeS֪M<3jB Mp`L%dNw^3 ddZP^<%E`ָ N# Zf\gnM3[KJ_'Ut=QpF gh+cjT:s!7ԞԚUY u+>nU{Z `|`27 uqI"ru"Mqv=C9cX;hc-Pffq P]=8" YS\1*)k>՝_}0t$^YZ1lq#l07N"n5+a8i^& "hUM zVCA+>qOZx,VsW4E IFrD`,POSJ#Xz+6h4om̅Ři8 5(A`jh7?9hDzCCPVA81@Fqk$麮5Gff^t:^BЊº(ƃs^"X`37MZ 3<2!nc *6GLkW,sC{Y2`: R10S"ӸSmXm!u5u=7 1@1}RS :޺CL惇?܄U?hnŀ\`E,Vwǵ>h?>3º_]B|NWyiZsw@EUPQM~]8.\:K̍pXl` ~ 47,HJ- .qe3- #4[Is0FW9jY2#̺PlQG A0@;9l7 KBBN@n?+,56f?+"w^ټoPK$w!8CoL'1^f$оn67ءUasb !eܘ쥫3}sZn`ChЪ6:*YR)uߔy2:&f&9+*uJHjƓ}XNjL8_ȘRu@cޑ7/^*~q 8l,=*֞߻ß~"pw>(A?ݣaFLK*?Ow 1$mj $jl׏V~`"WqlUfa_y5O]κ.ƾqg1F3r{ iٞ0OaU fZOsKU٧ 5QK4cb ffTtirrk%6Lss}wߕ)vHlN1f3<6"bSyr͜p"e:MFLL3yC15Z9,vo[q)mԨS ,xd4YR,ݫmF>;S]&apV+2KHq&y6]y @eQ9J?:;b}3ĭY!g\OTeCO*%qA2d#dp 5w|˷ĞUbI(L]{.Rɏ7'G7O>׼FjSvON`R$H'/z[H9 ,oFcSc>f,ɬ{ah/rnh?n4O==l>i*=$c'rR~HաjU0 єz \ܩ &@@q!?O5/G3(\۝UiZ|Wm^ި5P[< +yc"=C'\:E.|`*Mz1´h&b ̛\ 01/11/11, One Step Ahead - Almanac, Vol. 57, No. 17
Print This Issue

One Step Ahead
January 11, 2011, Volume 57, No. 17

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Tips to Help Defend Against Phishing

Recently we have seen a rise in phishing attacks and other scams intended to capture sensitive information and/or distribute malware. The University of Pennsylvania is seeing an increase in targeted phishing attacks.

As a reminder, “phishing” refers to fraudulent e-mails that appear to be legitimate messages from Penn or an outside institution. Phishing e-mails ask you for your user-name, password, credit card numbers, or other sensitive information, or direct you to a website, in hopes of capturing your credentials.

Below are some tips to help you identify these scams and avoid disclosing personal or private information: 

1. No organization at Penn will ever ask you for your username and password via e-mail.  If you get an e-mail asking for this information, assume it is a scam and do not respond.

2. Always check the “FROM” address of a message that solicits information or prompts you to login, to see if it originated from a foreign or otherwise illogical address. For example, the latest round of Penn-directed phishing attacks came from a sender whose address ended in “@web.de” (“de” is Germany).

3. Double-check the URL of any websites you are being told to click on in e-mail messages, especially if once directed there, you are asked to login. We recommend typing any URLs directly in to your browser rather than clicking on links. On a related note, be suspicious of URLs that take you to locations that don’t make sense (such as a website that claims to be associated with Penn, but ends in .com, .org, .net, etc.)

4. The Office of Information Security attempts to catalogue Penn-specific phishing attempts at www.upenn.edu/computing/security/phish/  This list can help you quickly and confidently identify a scam.

5. When in doubt, don’t respond to the e-mail—instead, contact your Local Support Provider (LSP) for assistance.

If you believe you have mistakenly clicked on a link or otherwise disclosed private information in a phishing attack, immediately change your e-mail and PennKey passwords, contact your LSP, and notify Penn’s Information Security office by e-mailing security@isc.upenn.edu.


For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security

Almanac - January 11, 2011, Volume 57, No. 17