Beware of Phishing Emails in the Wake of Typhoon Haiyan |
|
November 19, 2013, Volume 60, No. 14
|
Another tip in a series provided by the
Offices of Information Systems & Computing and Audit, Compliance & Privacy
Phishing attacks solicit personal information by posing as trustworthy organizations in emails or websites. They tend to proliferate after events that lead to increased charitable contributions like typhoons and floods.
To avoid becoming a victim, the US Computer Emergency Readiness Team recommends that you:
• never reveal personal or financial information in an email
• never respond to email solicitations for such information
• avoid following links sent in email,
• never send sensitive information before checking a website’s security and confirming the legitimacy of the URL. Malicious websites may look identical to legitimate ones, but the URL may use a different spelling or domain (e.g., .com vs. .net).
If you believe you disclosed confidential information, report it to the appropriate people within the legitimate organization that was “faked” in the phishing email. Work with your financial institutions if you believe your financial accounts have been compromised, monitor charges to your account and change passwords you might have revealed. If you use the same password for multiple accounts, change them to use different passwords for different accounts. You can contact your LSP for assistance.
To learn more about protecting your private information from phishing attacks, visit www.us-cert.gov/cas/tips/ST04-014.html and www.antiphishing.org/
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/
Related: A Message to the Penn Community From President Amy Gutmann Regarding Typhoon Haiyan
Related: A Coffeehouse to Support Gawad Kalinga |