To help with determining whether an email is safe, an easy-to-use suspicious email guide is available for download via Box. 


Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication such as email.  A "phish" would be the email sent to obtain sensitive information.


Spoofing is sending an email that appears to be coming from a legitimate sender, including the display of what appears to be a proper FROM: or REPLY-TO: address.


Not sure what do to with an email you received?

  1. Do not forward.  If you receive a suspicious email, do not forward it.   If you have only read the message in a "preview pane", then do not double-click to open the entire message.  If you are not sure about this, then stop and call our Help Line at x8-HLPU (215-898-4578).
  2. Do not click any links or complete any embedded forms.  The links and other content of the email may be designed to steal information from you.
  3. Send us a separate email.  Reach out to ITS with our support email address at FinanceITS@upenn.edu.
  4. Call our Help Line above.  We can complete a technical analysis of the email to help determine whether it is legitimate or not.  


DoF Suspicious Email Guide