Skip to main content

One Step Ahead: Phishing Warning

One Step Ahead logo

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

There have been several high-profile campaigns of cyber-criminal attacks against institutions like Penn recently. With this spike in attacks, you should be on high alert. 

Malicious and misleading emails, also called “phishing” emails, are the number one way that cyber-criminals begin their attacks. A hyperlink or attachment can attack and silently take over your computer when clicked, or a fake login screen presented when you click can be used to get you to provide your password without realizing it.  

Here are some specific things you can do to help protect yourself and to protect Penn: 

Verify the Sender. While fake emails can be made to look entirely like authentic messages by manipulating the sender’s name, often you can spot a malicious email by carefully reviewing the full email address in the “From” field to confirm the sender is who they claim to be.

Report Suspicious Events.  Modern attacks are subtle and may lack obvious signs like slowing down your computer or causing error messages.  If you receive a suspicious message, or if you click a link or attachment and the resulting content doesn’t make sense, don’t hesitate to reach out to your local computing support provider for help—these attacks are generally easy to clean up when reported right away. You can also send any suspicious email to phishing@isc.upenn.edu for analysis.

Safer Ways to Open Messages: If you are unsure whether a message is authentic, the best approach is to contact the sender using a previously established phone number to confirm.

If you need to open an attachment or link, it is safer to do so using an up-to-date mobile device or Chromebook rather than using a Windows or Macintosh computer.

If you are opening an unfamiliar Microsoft Word or Excel document, do not select the “Enable” option in the yellow banner for editing, saving, or macros, which can allow the document to attack your computer. 

For additional tips, see the One Step Ahead link on the Information Security website: 

https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead

Back to Top