Email Scams

Over the last several days, many Penn students, faculty, and staff have received a number of scam “phishing” email messages.

These messages are designed to trick recipients into revealing personal account information, and they have been successful. A number of staff members have followed the directions, and their email accounts have been compromised as a result. Once a compromise occurs, the email account is generally used to send out spam messages and other scams intended to compromise others. Because PennKey passwords are also often involved, the phishers can potentially access much more than just email.

To recover from a compromised account, the staff member needs to expend a lot of effort resetting account credentials, having their accounts unlocked, and cleaning up their mailbox.

  • Legitimate Penn departments and service providers should never solicit or initiate account administration activities or ask you to provide confidential information via e-mail.
  • There is no “Upenn Team”, “EDU Webmail Team”, etc. at Penn.
  • DO NOT RESPOND TO ANY REQUESTS FOR YOUR ACCOUNT INFORMATION VIA E-MAIL, TELEPHONE OR ANY OTHER MEDIA.
  • Because this attack uses “social engineering” tactics to trick you, antivirus software and other traditional computer-based protective steps are not very effective. You need to help protect yourself.

If you have any question about the legitimacy of an email, contact your local support provider (students | faculty | staff).

More information from ISC Security is available at http://www.upenn.edu/computing/security/advisories/phishing.php

Thanks to Doug Smullens, IT manager for the Penn Libraries, for the above info.

Image used in this post from http://tinyurl.com/7psf5xh
