Skip to main content

One Step Ahead: Spam vs. Phishing

 

 

 

 

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy

Spam is unsolicited commercial email for selling products or services to a large market similar to the junk mail you receive at home such as coupons, advertisements and unsolicited catalogs. Usually, you discard junk mail unless you are interested in using the coupons or making a purchase. Be cautious of opening unsolicited commercial email as it could be a scam prompting you to click on a link or download a file to view or purchase a product. The best course of action is to delete any unsolicited email without opening it. You can also customize your spam filter and use the report spam option in your email platform e.g., Gmail, MS Outlook and Apple Mail. 

Phishing is email targeted to specific groups or individuals prompting immediate action or response.  Phishing email messages are:

  • Interactive—Requests take an immediate action to attempt acquiring the recipients’ sensitive information e.g., passwords, SSNs, credit card details, banking information, etc.
  • Often a phishing message contains malicious code as a link or attachment. The code is executed when the recipient clicks on the link or downloads the attachment. This code can allow others’ to have complete control over your computer or device.  

To combat phishing:

  • Avoid providing sensitive information in response to an unsolicited email request.
  • Verify the sender and the contact before acting. Check with your supervisor, department IT support staff, or contact your bank or government entity for confirmation and/or validation.
  • Pay attention to the website URL. A malicious website masquerading as a university may use the domain “.net” instead of “.edu.”
  • Delete unsolicited email message without opening.
  • Report suspicious email to your department IT support staff, or to the Office of Information Security at security@isc.upenn.edu

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead

Back to Top