Skip to main content

One Step Ahead: Sophisticated Phishing Attacks on the Rise

One Step Ahead logo

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

In the past two months, the Office of Information Security (OIS) saw an increased number of sophisticated phishing attacks targeting University faculty and staff. The attacks aim to lure the recipient to willingly give away their Penn WebLogin passwords and Two-Step Verification codes, allowing the attackers access to protected sensitive information. These methods include:

  1. Give away their Two-Step Verification code. A recipient may receive a text from someone asking for their Penn Two-Step Verification code. Once the recipient provides the code, the attacker can access the recipients’ accounts. 
  2. The recipient may receive a link in a text or an email message to a web page that mimics a Penn    WebLogin page. The fake webpage requires the recipient to enter his/her username, password, and the Two-Step Verification Code. 

Take the following steps to protect Penn and your sensitive information:

  • Install the Duo Mobile app on your mobile device. Using the Duo Mobile app provides an easy method of verification to access protected pages. 
  • Never share your Two-Step Verification codes in text messages with others. 
  • Use a password manager to create a strong, unique password for each of your accounts. 
  • Pay attention to the FROM email field. Hover over the FROM email field to verify the sender. Report the email to your IT support staff if the FROM field is not coming from a Penn email address or an address you know. 
  • To protect your data from a potential ransomware attack, consult with your School/Center IT staff on where to create a backup for Penn’s sensitive data.
  • Hover over any links embedded in email before you click to verify the legitimacy of the link. If in doubt, consult with your IT support staff or the Office of Information Security at phishing@isc.upenn.edu

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.

Back to Top