Skip to main content

One Step Ahead: I Ordered What? Don’t Get Phished

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

Deceptive phishing, in which attackers impersonate legitimate companies to obtain your personal or financial information, often relies upon creating a false sense of urgency to pressure victims into responding quickly—and against their better judgment. A scam that has become increasingly widespread in recent months illustrates how this pressure is applied. 

Victims receive an official-looking email regarding the auto-renewal of a well-known anti-virus product, including convincing details such as a company logo, or the full name of the email recipient. The fraudulent email states that the recipient will soon be, or has already been, charged hundreds of dollars to their credit card for the next annual cycle of anti-virus protection. A telephone number is provided if the email recipient wishes to dispute or reverse the financial charges.

When the victim calls the bogus telephone number provided, a scammer will answer and pretend to assist the victim, all while obtaining sensitive details such as credit card information.

Keep your guard up to avoid being taken in by phishing emails, which can often be characterized by:

  • Email sent from personal accounts, or domains unrelated to the sending organization
  • Attempts to create a sense of urgency, using time limits, account status, or financial sums
  • Grammatical errors and misspellings

You can further protect yourself by:

  • Contacting organizations using publicly available channels (such as a company’s website) rather than relying on phone numbers or links provided in an unsolicited email
  • Never giving out your passwords or login credentials—legitimate support professionals will not ask you for these details

If you receive a suspicious email, please contact your local computing support group.

--

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.

Back to Top