Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

With email systems becoming more secure against fraudulent phishing messages, scammers have started to resort to text/SMS messages, social media accounts, and even phone calls to trick unsuspecting victims. These platforms often don’t have the same phishing protections that your work and personal email accounts do.

While the accounts may be different, the way scammers try to trick you is very much the same. The techniques you use to identify phishing emails can be used to protect you elsewhere. Scammers try to introduce a sense of urgency, like an “Are you available?” text message from your manager or their manager, or a phone call that claims to be the Internal Revenue Service or law enforcement. 

When you get messages like these, stop and evaluate: who is contacting you, and what do they want? Would your manager’s manager actually contact you via text message, rather than email? Would they expect you to purchase gift cards using personal funds? The University has strict rules regarding financial transactions, and they do not permit the purchase of gift cards with personal funds for departmental or University business. 

Of course, presumed contact from law enforcement, immigration officials, or the Internal Revenue Service may feel intimidating. However, these organizations don’t collect fines by using text messages or social media, nor do they request payment using gift cards. 

Remember, before you attempt to make any type of contribution or payment in response to being contacted by others, always be sure to use the official, published contact information for the organization in question —not the false information given to you by scammers—to confirm any obligations you may have. All major web search engines can readily guide you to contact information for major organizations.

If you are concerned about anyone contacting you in this manner, disconnect or hang up—and then seek help, which includes reporting your experience to ISC at security@isc.upenn.edu. 

• Policy on gifts: https://www.finance.upenn.edu/policy/2326-gifts-based-on-university-employee-relationship/
• Internal Revenue Service assistance: https://www.irs.gov/help/telephone-assistance
• US Citizenship and Immigration Services: https://www.uscis.gov/
• Law Enforcement scam warning: https://www.usmarshals.gov/news/chron/2019/scam-alerts.htm

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead