Email Best Practices

Cybercriminals are quite clever in installing malicious software on your PC or obtaining sensitive information without your knowledge.  Here are a few tips to help you practice safe computing. 

  1. Don't open email attachments unless you are expecting the file from a person you know.  
    Even then you must be cautious since someone can spoof another person's email address.  (Spoofing is when someone sends an email to you and makes it appear as if it came from someone you know, like a friend, family member, or colleague.)  If you can't verify that an attachment is legitimate, delete it.
  2. Don't click on links within an email message.  
    Although the links may appear to be legitimate on the surface, the embedded link may actually take you to a different site with the goal of installing malware or to steal sensitive information.  For example, let's say you received an email with the following sentence:  Visit the Penn State Behrend web site.  Notice, that if you hover over the link for "Penn State Behrend" in this sentence, the URL behind the text is actually, not
  3. Be cautious if asked to confirm your password or other sensitive information via email. 
    Phishing scams involve messages that appear to come from a legitimate company, such as a bank or university, and ask that you click on a link to update or verify your personal information.  Penn State University and other reputable organizations do not use email to confirm your password or other sensitive information.  However, if you think the message might be legitimate, contact the company directly to see if you really need to take any action or not.  To learn more, see Be Safe: Phishing Tips.
  4. Run Identity Finder at least once per month to remediate any sensitive or confidential data that is stored on your computer. 
    For more details, please see the IPAS Scanning and Remediation Policy.
  5. Don't download unfamiliar software from the Internet and be aware of add-ins when installing software or applications. 
    Many free software packages, apps, and add-ins can collect personal information, generate pop-up ads, or install malicious software --- sometimes without your knowledge.  Frequently, these options are automatically checked, so be sure to uncheck the boxes or decline the offer before beginning the installation.
  6. Create a strong password and use a unique password for each account.
    Strong passwords are those that are not easy to guess and are at least 8 characters in length and use a combination of letters, numbers and special characters (if allowed by the site or application).  Also, enable security questions, if available.  See Password Best Practices for more details.  
  7. When it becomes available at Penn State, use two-factor authentication to prove it's really you. 
    Two-factor authentication adds another layer of security because, in addition to your password, a random passcode (or token) is required.  Penn State is in the process of initiating two-factor authentication across the University; more details will be provided in the future.  See the resources below for more information about two-factor authentication at Penn State.
  8. Make sure that your computer is running an up-to-date version of anti-virus software and that the latest patches are installed for your operating system and software applications. 
    Faculty, staff, and students can download a virus detection tool from Penn State's software download site.