Guide to Spam and Phishing

This article explains the difference between spam (unwanted, bulk email) and phishing (email that tries to steal private information such as your account credentials). It also details what to do if a Wharton account has been compromised.

Spam

What is Spam?

Spam emails are unwanted, unsolicited messages sent in bulk. Many are sent for straightforward commercial purposes, but some are phishing emails that attempt to gather your sensitive information.

Email providers (Gmail, O365) have spam filters that try to keep untrustworthy or possibly malicious email out of your Inbox. Gmail provides basic spam filtering that automatically moves suspicious mail to your Spam folder. Some email providers call this folder "Junk", so keep an eye out for either term.

For more information on spam filtering at Wharton see our article, Spam Filtering Overview.

Email Spoofing

Some spammers "spoof" the sender address so that the mail they send appears to come from a university email address. The visible From address is written by the sender and proves nothing on its own, so Wharton Computing cannot stop this at the source; what you can do is report the sending server or website to blocklist operators such as http://cbl.abuseat.org/ and/or http://www.spamhaus.org/. The address of the server that actually delivered the message is recorded in the message's full headers, not in the From line.

If you are reporting a website rather than a mail server, you might need to look up the site's IP address at a site like this:
http://get-site-ip.com/
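Reading the full headers is the only reliable way to tell a spoofed sender from a real one: the Authentication-Results header added by the receiving server records whether SPF, DKIM and DMARC checks passed for the claimed From domain, and the topmost Received header (written by our own server) records the IP address that really connected to deliver the message, which is the address worth reporting. The script below is an added example, not part of this article or of any Wharton tool; the message it parses is a constructed sample, and the TRUSTED_DOMAINS list is an assumption about which From domains should always authenticate.

```python
import email
import email.utils
import re

# Assumption: From addresses in these domains should always pass DMARC.
TRUSTED_DOMAINS = ("wharton.upenn.edu", "upenn.edu")

# Constructed sample (not a real message): full headers as a user would paste
# them from "Show original". The From line claims a Wharton address, but the
# message was handed to mail.upenn.edu by an unrelated relay and fails SPF/DMARC.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mailverificationpage14.tk>
Received: from mx.example-relay.net (mx.example-relay.net [203.0.113.9])
\tby mail.upenn.edu with ESMTP id abc123
\tfor <user@wharton.upenn.edu>; Mon, 1 Jan 2024 10:00:00 -0500
Received: from [198.51.100.23] (unknown [198.51.100.23])
\tby mx.example-relay.net with SMTP id def456
Authentication-Results: mail.upenn.edu;
\tspf=fail smtp.mailfrom=mailverificationpage14.tk;
\tdkim=none;
\tdmarc=fail header.from=wharton.upenn.edu
From: Wharton Helpdesk <helpdesk@wharton.upenn.edu>
To: user@wharton.upenn.edu
Subject: Your mailbox will be closed

Helpdesk requires you to upgrade webmail by clicking http://mailverificationpage14.tk
"""


def unfold(value):
    """Collapse RFC 5322 header folding (newline + whitespace) into single spaces."""
    return re.sub(r"\s+", " ", value).strip()


def from_domain(msg):
    """Domain part of the displayed From address, lowercased."""
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Map of spf/dkim/dmarc -> verdict from the Authentication-Results header(s)."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", unfold(value), re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results


def received_ips(msg):
    """Bracketed IPv4 address from each Received header, most recent hop first."""
    ips = []
    for value in msg.get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", unfold(value))
        if m:
            ips.append(m.group(1))
    return ips


def assess(raw):
    """Summarise who the message claims to be from, whether that claim authenticated,
    and which IP address actually connected to our server."""
    msg = email.message_from_string(raw)
    domain = from_domain(msg)
    auth = auth_results(msg)
    ips = received_ips(msg)
    claims_trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    return {
        "from_domain": domain,
        "auth": auth,
        # Only the topmost Received header was written by our own server; the hops
        # below it were supplied by the sender and can be forged.
        "report_ip": ips[0] if ips else None,
        "received_ips": ips,
        "likely_spoofed": claims_trusted and auth.get("dmarc") != "pass",
    }


if __name__ == "__main__":
    for key, value in assess(SPOOFED_MESSAGE).items():
        print(f"{key}: {value}")
```

The "likely_spoofed" verdict deliberately keys on DMARC rather than on the From text: a message can pass SPF for the envelope sender (the spammer's own domain) while still failing DMARC for the domain shown to the user, which is exactly the spoofing pattern described above.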

Adding Addresses to your Whitelist

Gmail offers an option to mark specific addresses or domains as "safe" so they aren't automatically marked as spam. This list is known as a "Whitelist." Your whitelist applies only to your own Gmail account and must be managed and set by you. Note that this filter matches on the displayed From address, so a spoofed message that claims to come from a whitelisted address will also skip the spam check; whitelist sparingly, and prefer individual addresses over whole domains. If you want to accept all email sent from a specific address, follow these instructions:

  1. Log in to your Gmail at gmail.com
  2. Click the gear icon in the top-right, and select Settings.
  3. Click the Filters and Blocked Addresses tab. 
  4. Click Create a new filter.
  5. In the pop-up window, enter the email address you want whitelisted in the From field.
    • NOTE: If you want a whole domain whitelisted, you can just enter the domain (e.g., "@example.com").
  6. Click Create filter.
  7. Check "Never send it to Spam".
  8. Click Create filter.

Phishing

What are Phishes?

Phishes are scam emails, sent by people or by automated programs, that aim to gain access to your accounts or to learn valuable information about you. They often appear to be from an administrator of the email system or from another user on the system. The content of the email is generally one of the following:

  • warning that your account may close if you don't use your account credentials to log into their website
  • call to click on a link to address financial or other issues
  • request to update your work data

Phishing attempts are getting increasingly sophisticated, and while we block the phishing attempts we detect, no system is 100% effective. To test your knowledge of identifying these scams, check out this phishing quiz.

ISC offers an informative training on Information Security Essentials that can teach you how best to protect your data. For more information, see Phishing & Spear Phishing, or Phishing Emails Seen at Penn.

Tips to Identify Phishing Attempts

  • Check the email sender. Phishing emails often come from suspicious-looking addresses. Keep in mind, though, that the sender address can be spoofed (see Email Spoofing above), so a familiar address is not proof that a message is genuine.
  • Look for poorly worded emails or misspellings. Many phishing attempts are badly written, but polished, well-targeted ones are increasingly common, so clean wording alone does not make a message safe.
  • Be cautious of unusual looking links. For example:
    •  "Helpdesk requires you to upgrade webmail by clicking http://mailverificationpage14.tk "

      Notice that there is no reference to Wharton, PennO365, Student Gmail, or your support team in the URL, and the top-level domain (.tk) is not one the university uses. Never click on a link in a suspected phishing email.

  • If you do click a link in an email, pay close attention to the actual web address shown in your browser's address bar. The text displayed in the email can differ from the address the link really opens, and a familiar name can appear as a subdomain of an unrelated site (for example, wharton.upenn.edu.some-other-site.tk is not a Wharton site). If it looks suspicious, do not enter your Wharton credentials.
  • Wharton Computing will never ask you for your username/password via email.
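The link checks above can be made mechanical. The script below is an added example, not part of this article or of any Wharton tool: it pulls every link out of an HTML email body, works out the host the browser would actually connect to, and flags the disguises that catch people most often (an untrusted destination, a trusted name used as a subdomain of an untrusted host, a "user@" prefix that hides the real host, a punycode host, and link text that shows a different address from the one the link opens). The email body is a constructed sample built around the page's own example URL, and TRUSTED_DOMAINS is an assumption about where a genuine login link would point.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domains a genuine login link would point to.
TRUSTED_DOMAINS = ("wharton.upenn.edu", "upenn.edu", "google.com")

# Constructed sample (not a real message): the page's example link, two common
# disguises, and one genuine link.
SAMPLE_HTML = """
<p>Helpdesk requires you to upgrade webmail by clicking
<a href="http://mailverificationpage14.tk">http://mailverificationpage14.tk</a></p>
<p>Or use the secure portal:
<a href="http://wharton.upenn.edu@mailverificationpage14.tk/login">https://wharton.upenn.edu/login</a></p>
<p><a href="https://wharton.upenn.edu.mailverificationpage14.tk/reset">Reset your password</a></p>
<p>Questions? Visit the <a href="https://support.wharton.upenn.edu/help">support portal</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(url):
    """Host a browser would connect to for an http(s) URL, or None for anything else."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    return parts.hostname  # drops "user@" userinfo and any port, lowercases


def is_trusted(host):
    """True when host is one of TRUSTED_DOMAINS or a real subdomain of one."""
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def suspicious_reasons(href, visible_text):
    """List of reasons a link looks like a phishing link; empty means nothing flagged."""
    host = hostname_of(href)
    if host is None:
        return ["not an http(s) link"]
    reasons = []
    if not is_trusted(host):
        reasons.append(f"destination {host} is not a trusted domain")
        if any(d in host for d in TRUSTED_DOMAINS):
            reasons.append("a trusted name is embedded in an untrusted host")
    if "@" in urlsplit(href.strip()).netloc:
        reasons.append("'@' in the URL hides the real host that follows it")
    if "xn--" in host:
        reasons.append("internationalized (punycode) host, check for look-alike characters")
    shown = hostname_of(visible_text)
    if shown and shown != host:
        reasons.append(f"link text shows {shown} but the link opens {host}")
    return reasons


def audit_links(html):
    """Return [(href, visible_text, reasons)] for every link in the body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, text, suspicious_reasons(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, text, reasons in audit_links(SAMPLE_HTML):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print(f"    ! {reason}")
```

The trusted-domain test compares whole labels (host equals the domain, or ends with "." plus the domain), which is what defeats the subdomain trick; a plain substring check such as "wharton.upenn.edu" in host would pass the third link in the sample.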

When in doubt, forward the questionable email to your Wharton Computing support team (see "Contact" below) or security@wharton.upenn.edu. It's better for everyone if you are cautious, and we are happy to confirm for you.

Compromised Account

There are several ways your Wharton account could have been compromised:

  • You've been the victim of a virus or phishing attack.
  • You left yourself logged in on a public machine, on Wharton's campus or elsewhere.
  • Your computer or smartphone was stolen.
  • You shared your password with someone.

If the compromise could have reached your personal computer as well (for example, through malware), and you have sensitive information stored on that device, be sure to also change your passwords for online banking and other sensitive sites.

What to do:

  1. Reset your Wharton, PennKey, and PennO365 passwords
    • If you believe your device has been compromised, use another computer or call Student Support to help you change your passwords.
  2. Change any password that is the same as, or similar to, the compromised one
    • Unique, complex passwords are one of the best ways to secure your account(s). Password managers, such as LastPass, autofill your credentials for you, allowing for easy and convenient account management while using long, complex, and secure passwords.
  3. Notify the appropriate Wharton Computing support team (see "Contact" below)
  4. Complete the Gmail Security checklist
  5. Determine whether your password has been exposed in a data breach at https://haveibeenpwned.com/ and/or https://monitor.firefox.com/
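The password check in step 5 does not require sending your password anywhere. The Pwned Passwords service behind haveibeenpwned.com uses a k-anonymity scheme: the client hashes the password with SHA-1, sends only the first five hex characters of the hash to https://api.pwnedpasswords.com/range/<prefix>, receives every known hash suffix sharing that prefix, and does the final comparison locally. The script below is an added example of that client side, not code from Have I Been Pwned or from Wharton; the range response it checks against is a constructed stand-in (the real response has several hundred lines and the counts change over time), and the User-Agent string is an assumption.

```python
import hashlib
import urllib.request


def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 of the password into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_body):
    """Count for our suffix in a range response whose lines are SUFFIX:COUNT.
    Returns 0 when the suffix is absent (or present only as a zero-count padding line)."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix):
    """Fetch the live range for a 5-character prefix. Only the prefix leaves the machine."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "password-check-example"},  # assumed value
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, range_lookup=fetch_range):
    """Number of times the password appears in known breaches (0 = not found).
    range_lookup is injectable so the check can run offline against a saved response."""
    prefix, suffix = sha1_prefix_suffix(password)
    return breach_count(suffix, range_lookup(prefix))


# Constructed stand-in for the response to /range/5BAA6 (the prefix of SHA-1("password")).
# Real responses are much longer; the counts here are invented for the example.
SAMPLE_RANGE_5BAA6 = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E7F9E5B1B49D5D22A0B6E6E0C1C1C1C1C1:0
"""


if __name__ == "__main__":
    # Offline demonstration against the constructed response.
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, lambda prefix: SAMPLE_RANGE_5BAA6)
        print(f"{candidate!r}: seen {n} times" if n else f"{candidate!r}: not in sample range")
```

Passing a lambda that returns the saved response keeps the demonstration offline; replace it with the default fetch_range to query the live service. A non-zero count means the password should be treated as public and changed everywhere it was used, which is the point of steps 1 and 2 above.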

If Wharton Computing requests the full email header, check out the Retrieve Complete Headers from an Email article.

For security best practices, make sure you:

Contact

Students → email support@wharton.upenn.edu or call (215) 898-8600

Faculty & PhD Students → contact your Academic Distributed Representative (login required)

Staff → email admin-support@wharton.upenn.edu