Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy

In Observance of NCSAM

October is National Cybersecurity Awareness Month (NSCAM). In observance of NSCAM, ISC Office of Information Security (OIS) is holding a number of events1 on foreign influence and cyber interference and its implications for high education. Due to a recent spear phishing incident on campus, OIS is communicating with schools and centers to raise awareness on phishing, specifically on spear phishing.

There are many types of phishing scams. Phishing is when a communication (phone, email, text) is designed to gain your trust for you to share sensitive information with the scammer or take immediate action. Spear phishing2 is when a phishing message is tailored to a specific company or a group of people such as the University of Pennsylvania community.

Recently a spear phishing scam has surfaced targeting members of the University community. These messages purport to come from a Penn administrator, asking people to help them with an urgent situation where they need to purchase gift cards for an event. If the user responds to the initial message, they are given instructions to buy several gift cards, scratch off the coating protecting a number, take a picture, and email the image back. Victims are typically using their funds to buy these gift cards. Once the gift card information has been sent, the purchases cannot be reversed.

To avoid phishing messages in general, slow down and verify before taking action. Requests like the one described above are not the way the University does business. If you have questions about an email or other suspicious communication, contact your local computing support provider (LSP) for assistance. You can contact OIS at security@isc.upenn.edu if you think you have fallen victim to a spear phishing or suspect a spear phishing.

1 Penn 2018 National Cybersecurity Awareness Month https://www.isc.upenn.edu/security/ncsm18

2 Phishing & Spear Phishing https://www.isc.upenn.edu/phishing-spear-phishing

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead