End user awareness is the most effective tool.End users must know the ease with which
email can be forged, the importance of not clicking on dangerous/suspect
URLs, and must be wary of any email requests to enter usernames, passwords, credit
card numbers and social security numbers.
Include phishing in broad end user security education.
Proposal Subject to Approval
Gartner estimates 30 million Americans have received a phishing
attack, and about 3 percent submitted personal information in response.The threat against personal financial data
and identity theft is greater than the threat against University data -- no
phishing attacks have yet been reported targeting Penn passwords/systems.However the potential is there, and the most
effective remedy, awareness, is inexpensive.