Phishing Emails: What are they & What to do


This article will attempt to define what phishing emails are and how they affect your accounts (Penn LPS Online Google@SAS or Personal).

What are they?

Phishing emails are sent to you by people or programs who are looking for access to your accounts or any valuable information. They often appear to be from an administrator of the Email system, and threaten that your account may close if you don't use your account credentials to log into their website.

>> Common Phishing Emails Seen at Penn

Tips to help identify phishing attempts:

  • ALWAYS check the email sender, most of the time phishing emails come from suspicious-looking addresses.
  • The University of Pennsylvania and SAS Computing will never ask you for your username/password via email.
  • Often phishing emails are poorly written and full of misspelled words.
  • Many phishing emails contain unusual looking links. One recent example contained the following sentence in the email:

    "Helpdesk requires you to upgrade webmail by Clicking "- Notice that there's no reference to Penn LPS Online, the University of Pennsylvania, or Student Support in the URL, and the extension is not a standard one.

  • Even if a link looks legitimate, be cautious and consider the other tips listed above, never click on a link in a suspected phishing email.
  • When you click a link in an email pay close attention to the actual web address you've been sent to. If it looks suspicious do not enter your Penn credentials.

What To Do

If you do click on a link from a phishing email, change your SAS email account password immediately.  If you use the same password (or similar ones) for other accounts, change those as well.


*Adapted with permission from