One Step Ahead: Website Spoofing

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy
The Office of Information Security (OIS) has warned about phishing scams in the past, with phishing messages transporting you to fake webpages that are designed to trick you into sharing your login credentials, banking access, or other sensitive information.
Website “spoofing” occurs when hackers copy elements of a legitimate website, such as logos, portions of the URL or domain, language, images, fields, etc., to lure you into:
- Clicking on links to products or to track an order. Such links may carry malware.
- Entering your username and password.
- Sharing sensitive information like social security numbers, home addresses, etc.
- Providing credit card or banking information, including full name and billing address.
Last month, an email phishing attack targeted members of the Penn community. The email embedded a link to a spoofed website that specifically mimicked elements of Penn’s identity in its fake webpages.
How can you protect yourself from these scams?
- Pay attention to the URL. Hover over the URL in the email message or notification to examine whether it includes a legitimate domain like upenn.edu. When directed to a spoofed Penn web login or webpage, check whether the URL starts with www.upenn.edu or https://upenn.edu. A very similar spoofed URL may look legitimate, for example, upen.edu instead of upenn.edu.
- Read the message carefully. Before reacting to an email message, examine the From address. Is this an appropriate message for the sender to send? Is it out of character for the person? Please refrain from clicking on the Send button.
- Avoid clicking on embedded links in text messages. Most legitimate entities will also include the full URL in a text message.
- Report suspicious websites, emails, or text messages to your school or center information technology support staff, or contact the Office of Information Security (OIS) at security@isc.upenn.edu.
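The URL check from the first tip above, written out as code for staff who triage reported links. This is an added example, not part of the original tip; it goes beyond the single upen.edu case and also flags hosts that embed upenn.edu inside another domain. The function names and sample links are constructed for illustration, and the code assumes the registrable name is the second-to-last label of the host.

```python
from urllib.parse import urlsplit

TRUSTED = "upenn.edu"  # the legitimate domain named in the tip above


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def link_host(url: str) -> str:
    """Host a link actually points at, ignoring scheme, port and path."""
    try:
        parts = urlsplit(url.strip())
        if not parts.netloc:  # bare "www.upenn.edu/..." with no scheme
            parts = urlsplit("//" + url.strip())
        return (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL
        return ""


def classify_link(url: str, trusted: str = TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'other' for the link's real host."""
    host = link_host(url)
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    labels = host.split(".")
    # Assumption: the registrable name is the second-to-last label (true for .edu).
    name = labels[-2] if len(labels) >= 2 else labels[0]
    near_miss = edit_distance(name, trusted.split(".")[0]) <= 1
    embedded = trusted in host or trusted.replace(".", "-") in host
    return "lookalike" if host and (near_miss or embedded) else "other"


# Constructed sample links, not taken from the incident described above.
SAMPLES = [
    "https://www.upenn.edu/login",
    "http://upen.edu/login",
    "https://upenn.edu.account-check.example/login",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```

A "lookalike" result is a reason to report the message, not proof of fraud; an "other" result only means the host does not resemble upenn.edu.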
For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.