Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

In an era where artificial intelligence’s capabilities grow, scammers are employing increasingly sophisticated techniques to deceive you into sharing your financial data or login details. These include voice cloning, deepfake videos, fake profiles and images, AI-generated websites and listings, fake banking or school websites, fraudulent emails and texts, and romance scams through social media and dating apps.

To protect yourself and Penn from these scams, follow these three essential rules:

1. View. Carefully examine messages and thoroughly read any message before acting. If it seems urgent, if it contains typos, or if the message is from an unknown number or source, discard it without responding.

2. Validate. Confirm the sender’s identity. Contact the official agency, bank, or individual directly—using verified contact information—to confirm whether they reached out to you. Be cautious if you think it is law enforcement, the IRS, or a law firm following up on a scam, or if a familiar voice asks for help. Always confirm before responding. Remember, law enforcement and the IRS will never ask for information or fees via calls or emails. For purchase offers, verify with the seller before clicking any links, and do not click on unverified ads or on tracking emails or text messages. 

3. Voice your concerns. Notify your Penn IT support or phone plan provider about suspicious emails or texts. Enable two-step verification and use two different forms of validation—such as a password and a code—to safeguard your financial information.

Most scams depend on quick action to prompt voluntary sharing of sensitive details. Taking time to read, assess, and verify messages is key to avoiding fraud. 

---

For additional tips, see the One Step Ahead link on the Information Security website: https://isc.upenn.edu/security/news-alerts%23One-Step-Ahead.