One Step Ahead: Enjoy the Holidays Without Scams
Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy
In November, we kick off the holiday season with Giving Tuesday, Thanksgiving travel, Black Friday, and Cyber Monday. While you are busy planning and celebrating the holidays with family and friends, hackers are crafting scams to trick you into disclosing your sensitive financial and personal information. Some of the active seasonal scams include:
A change to your direct deposit: You receive an email claiming to come from the University that tells you to click on a link to confirm a change in your direct deposit. Once you click, you are directed to a fake webpage that mimics the Penn Web Login page, luring you into sharing your PennKey username and password.
Online shopping: You are directed to a webpage, usually via social media, that mimics a well-known site—but with prices that are too good to be true.
Package tracking: An email or text tells you that your package is delayed and asks you to click a link to resolve the issue.
Gift card prize winner: You receive an email or a text message that says you won a high-value gift card.
Online invitations to holiday parties: When clicking the invite, you may download malware.
You can protect yourself from such scams. Read the message carefully and avoid taking immediate action, such as clicking on a link or opening an attachment.
Double check the sender’s email address and make sure University messages asking you to take action are sent from a legitimate Penn email domain. Hover over links to see if they point to a supposed company’s domain and pay attention to the webpage URL to verify its authenticity. (You can train yourself to recognize phishing URLs by taking “URL Training” in Workday, if it is available to you.)
Do not reply to unsolicited emails. If you have questions or want to report a scam, talk to your IT (Information Technology) support staff, or email security@isc.upenn.edu.
—
For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.
