Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

In October 2020, the University’s Office of Information Security (OIS) launched a contest seeking personal experiences with phishing, securing personal computing devices, or securing personal and University data. There were five winning entries, of which we share two below.

First experience:

“A few days after my aunt added me on Facebook, I received a message from her account requesting money in a hurry. At 3 a.m. in the morning, I was asked to go to the nearest Walmart and buy five $200 eBay gift cards for her. I knew it was a scam, but I was curious and asked some personal questions. Apparently, a hacker who had gone through my posts messaged me, posing as my aunt. I decided to ignore the messages, but the hacker managed to find my cell number and began calling and texting at 4 a.m. inquiring about the cards. I realized that I have too much information about myself online and need to be more careful about what I post!”

Second experience:

“As a person working in IT, I try to maintain security best practices but recently learned that doing everything right means nothing if you don’t physically secure your device. I dropped my smartphone a block from my home, tracked it with location sharing, and the guy who picked it up asked for 50 bucks in return for it. Unable to convince him to meet at a handoff location of my choosing, I waffled, ultimately deciding that a 2-week-new Android was not worth the risk of injury to life and limb. I issued a remote wipe to my phone with no confirmation that it worked—my phone’s new owner, no doubt realizing he was trackable, must have disabled the phone’s data. Moral: Attach your phone to your belt.”

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead