How can I tell if an email is legitimate?

It is often difficult to tell for sure, so you should be skeptical about all email claiming to be from CETS, or elsewhere at Penn. Here are a few guidelines:

  1. Never give your password to anyone, even CETS, in response to an email.
  2. Never use email to send private information (e.g. Social Security or credit card numbers).
  3. Never enter confidential information into a website claiming to be from CETS or Penn unless you are certain the website is legitimate. A legitimate CETS or Penn website will have a security certificate issued to the University of Pennsylvania (see below).

See Penn ISC's Phishing & Spear Phishing for more useful information.

Generally, replies in an ongoing conversation or with specific references to an earlier conversation are more trustworthy than email sent "out of the blue", even from SEAS senders. If an email does not make sense, do not click on a link or open an attachment to get more information. Scammers often combine urgency and confusion to trick people into exposing their personal data.

If your instinct tells you something is probably spam/phishing, you're probably right. Just delete it. If you are concerned or unsure about the authenticity of an email, forward the email to CETS, and let us handle it.

© Computing and Educational Technology Services