Important: If you receive a phishing scam to your University email address, forward it to GSE IT at email@example.com, and include complete headers.
Phishing refers to a common scam that falsely claims to be from a trusted source. This is usually combined with a threat or request for information which may include clicking a link.
Even with sophisticated security measures, YOU are the best defense against phishing scams.
Please know that Penn will never solicit your username, password or other private information (such as full or partial Social Security Number).
Here are 5 tips on handling phishing emails
Tip 1. Look for fake URLs
This is easy. Just hover your cursor over the URL and it will display the real destination. For example, hovering your cursor over www.hr.upenn.edu shows it actually takes you to NASA’s main web site (bottom left corner). Do not click any links or attachments. If you clicked them by accident, please report to us immediately.
Tip 2. Trust your instincts
How: Look for glaring content, spelling, and grammatical errors. If it doesn’t look right, ignore or delete the message.
Tip 3. Slow down and look at the message carefully
How: A common phishing tactic is instilling a sense of urgency. The message will either convey something appealing to take action on (“Click here to receive your bonus!”), or something unfavorable if ignored “account has been suspended”.
Tip 4. Never, ever give up your username and password.
How: Legitimate organizations, including GSE IT, will never ask for your username or password.
Tip 5. Verify the sender is who you think it is
How: This can be difficult since email addresses can be spoofed and therefore undetectable as such in the basic email user interface. Barring that, look for easy giveaways, such as using personal accounts for urgent business requests. If the address refers to a website, search the address in a browser to learn more.
Suspects it's a phish? Let us investigate it for you
Forward your suspicious-looking email to GSE IT via firstname.lastname@example.org to verify the validity.