Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy

Gift Card Scams @ Penn

Penn’s Office of Information Security saw a rise in gift card phishing scams on campus in the last few months. Typically, the scammer sends an email message to a Penn staff member pretending to be a high-ranking administrator, e.g., School Dean or Executive Director. The message indicates the sender is occupied and in need of immediate assistance in purchasing gift cards from a specific store or brand for a specific amount. The message also requests that the recipient send back the gift card codes to the sender either by taking a photo of the codes and sending the image back as an email attachment or sending back the list of codes in an email.

Recipients who fell for the scam either lost personal funds or Penn funds when a Procard was used for the gift card purchase. To protect yourself, and Penn, be aware:

• Verify the message with the sender, with your manager or IT support provider before you take any action.
• Read the sender’s email address carefully. Usually Penn employees use a Penn email address for work communication, e.g., username@ upenn.edu
• If in doubt about the email address, hit reply to but don’t send. Pay attention if the email address changes in the reply to field to a non-Penn email.
• This is not how Penn does business. Penn personnel will NOT ask you for assistance in purchasing gift cards for personal purposes.
• If you have fallen victim to this scam, report the incident to your IT support staff. If you are unaware who provides your IT support, contact the Office of Information Security at security@isc.upenn.edu

For more information visit https://www.isc.upenn.edu/security/gift-card_scam

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/ news-alerts#One-Step-Ahead