Social engineering incients are on the rise at Penn. Don't be caught off-guard: always be mindful about suspicious or unusual emails!
Several individuals at Penn recently received emails forged to appear to be from a senior administrator in their department, with messages like:
- "Are you at the office, Write me when you are."
- "I need you to make a transfer of $18,550 before the cut of today, are you available to assist?"
These were actually very targeted social engineering attacks, consistent with the pattern of attacks seen worldwide - they typically involve an email pretending to be from an organization's executive, asking key departments (HR, payroll, IT, etc.) for sensitive information (e.g., SSNs, W-2s), or to help initiate financial transactions. For more details on these scams, please see links appended below.
Please be on the lookout for emails like these and advise any colleagues handling financial transactions or W-2 documents to be mindful as well. If they receive such an email they can feel free to forward to security@isc.upenn.edu and then either delete or ignore it.
If they are unsure or need assistance, they should contact their Local Support Provider or ISC Information Security. For more information on spotting and combating phishing at Penn see this recent Almanac Tip:
http://www.upenn.edu/computing/security/footprints/display_tip.php?footp...
Otherwise, please contact ISC Information Security with questions or concerns about this announcement.