On Thursday, July 26, two fraudulent emails were delivered to some SAS email accounts.
(1.) A fraudulent message pretending to be from Bank of America claimed that your account would be suspended and asked you to sign in at a link in the message. It looked like the following image.
(2.) A fraudulent message pretending to be from the “Help DESK” claimed that your O365 account would be terminated and asked you to sign in at a link in the message. It looked like the following image.
The goal of such emails is to collect your username and password and later use them for malicious purposes such as stealing data or changing where your direct deposit goes.
If you clicked on the link in the email and entered your username and password, please contact your Local Support Provider immediately.
Don't Let Scammers Con You
Anyone with an email account may periodically receive fraudulent messages purporting to be from a legitimate organization in an attempt to trick them into providing personal or financial information. This practice, known as “phishing,” is increasingly common, and can be most effective when coupled with a current event (such as the deadline for filing taxes, a political election, the return to classes, etc.).
Please know that Penn will never solicit your username, password or other private information (such as full or partial Social Security Number) in this manner. If you receive an email requesting you respond back or visit a website and provide any of this sensitive information, either delete or ignore it. Individuals are encouraged to contact their Local Support Provider (LSP) for assistance in determining whether or not a message is legitimate or if they believe they may have accidentally provided data to an unauthorized party.
ISC Information Security maintains a Phishing Archive, which lists recent phish attempts targeting Penn services. You can also check this site to get a sense of whether a new phish has already been observed and reported to the Information Security Office.
In addition to the archive, ISC makes other resources available to combat phishing, including:
- SafeDNS, a service that can proactively block connections to known malicious websites;
- Two-Step Verification (two-factor) for PennKey, which protects your PennKey by requiring both a password and a code generated on your phone;
- A variety of training and awareness resources (including the offer to provide in-person presentations to groups of any size).
NEVER DISCLOSE YOUR EMAIL PASSWORD
We want to remind you that you should NEVER disclose your password to anyone, including those presenting themselves as support providers or school officials. SAS Computing or other legitimate system administrators will never ask for your password.
If you get any message that asks you for your password, please do NOT reply to or forward the message; just delete it.
If you think you already may have been deceived into disclosing your password, please fill out our help form and we will investigate (and of course you should NOT include your password in your help request).
Detailed information about email security is available from https://www.isc.upenn.edu/security/overview
Advice about how to avoid phishing scams is available.
Check Penn's Phishing Email Archive to see examples of previous email messages identified as fraudulent.
For more information on spotting and combating phishing at Penn see this recent Almanac Tip.
Thank you for your help in maintaining a secure computing environment at Penn.
SAS Email Support Team