Skip to main content
Penn Information Systems & Computing Systems Home

Search form

Getting system status
  • Get Started
    • IT Staff
    • Faculty
    • Staff
    • Students
    • Alumni & Guests
    • ISC Staff
  • Services
    • — Services A to Z —
    • Accounts, Access & Security
      • Access Management Services
      • Active Directory
      • Identity Management Services
      • Information Security Services
    • Applications & Data Analytics
      • Application Development & Delivery
      • Data Analytics
        • Data Analytics at Penn
      • Integration Development & Delivery
    • Backup, Storage & Platforms
      • BackItUp
      • Cloud Solutions
      • Data Center & Colocation Solutions
      • Database & Application Platform Support & Consulting
      • Endpoint Management
      • Recovery Solutions
      • Storage
      • Virtual Desktop
      • Virtual Server Hosting
    • Community, Support & Learning
      • Classroom Technology Services
      • Desktop Engineering
      • IT Community Events
      • LinkedIn Learning
      • Tech Center
    • Consulting & Professional Services
      • Brokered Products
      • HireIT
      • Systems Support & Consulting
      • Technology Forecasting
    • Email, Calendaring & Collaboration
      • Classlists
      • Penn Email Routing
      • PennBox
      • PennNet Mailing Lists
      • PennO365
      • PennZoom
      • SMTP-Relay
      • Secure Share
    • Networks & Connectivity
      • Firewall Services
      • Network Design & Installation
      • PennNet
        • Network Names & Numbers
        • MAGPI (Penn's Internet2 Regional Optical Network)
      • PennNet Ethernet Ports
      • Wireless at Penn
    • Phone, TV & Video
      • Contact Center
      • Live Video Streaming
      • Penn Video Network
      • PennFlex Phone
      • Traditional Telephony
      • Video Content Management
      • Video Production
        • Producing Video Content
    • Web Hosting
      • Web Hosting Service
    • — Service Rates —
    • — Service Level Agreements —
  • Security
    • Office of Information Security
    • Security Services
    • Special Projects
    • Policies & Procedures
    • Training & Awareness
    • Penn SecureIT program
  • Collaborations
    • Computing Policies
    • Engaging Penn’s IT Community
    • Identity & Access Management
    • Penn IT Strategic Plan
    • Cloud First
    • Next Generation Unified Communications
    • Penn Bot
    • IT Advisory Groups
      • Common Solutions
      • IT Roundtable
      • Network Policy Committee
      • Penn Technology Investment Committee (PTIC)
        • About PTIC
        • The PTIC IT Development Fund
    • Special Interest Groups (SIGs)
      • Audio-Visual (AV-SIG)
      • Cloud Computing (Cloud-SIG)
      • Data Visualization (DataViz-SIG)
      • Developer SIG (Dev-SIG)
      • High-Performance Computing (HPC-SIG)
      • Instructional Technology SIG
      • Linux SIG
      • Macintosh Networking Group (MacNet)
      • Mobile Technologies (Mobile-SIG)
      • O365 Special Interest Group
      • PC Networking Group (PC-Net)
      • Project Partners SIG
      • Security SIG
      • Social Media SIG
      • Splunk Special Interest Group
      • Super User Group (SUG)
      • Web SIG
    • Technology Services Strategy Review Board
  • News
  • About
  • Hot Topics
  • Get IT Help

You are here

Home » Gift Card Scams Hitting Penn

Gift Card Scams Hitting Penn

Penn Office of Information Security (OIS) is noticing a rise in gift card phishing scams on campus. The scammer sends an email or text message to Penn staff pretending to be high-ranking administration personnel, e.g., School Dean, Executive Director, Provost or the President. The message indicates the sender is occupied and in need of immediate assistance in purchasing gift cards from a specific store or brand for a specific amount. The message also requests that the recipient send back the gift card codes to the sender either by taking a picture of the codes and send the image back as an email attachment or send back the list of codes in an email. 

Impact

This type of social engineering scam has an impact on the recipient and the University.

  • The recipient’s financial loss when personal funds are used to purchase the gift cards.
  • Penn financial loss when PCARD is used to purchase the gift cards.
What do you need to do?

To protect yourself from falling victim to gift card scams:

1.    Pay attention to the sender’s email address. Usually, Penn employees use their work email address when conducting business at Penn. Assess whether the domain is legitimate, e.g., jsmith@upenn.edu. The domain is “upenn.edu.”

2.   This is not how Penn does business. Penn personnel will NOT ask for assistance in purchasing gift cards for personal purposes.

3.    In some cases, scammers spoof a Penn legitimate sender email address, e.g., jsmith@upenn.edu. Often, those scammers change the email address in the reply to field to something like jsmith@msn.com. To verify, hit reply and the To field may change to the non-Penn email address. Make sure not to press send. 

4.    Verify the message or text with your manager or your IT support provider (LSP) before you respond.

5.    If you have fallen victim to this type of scams:

a.    Report the incident to your local police

b.    Report the incident to your LSP

c.    If you don’t know who your LSP is, report the incident to the Office of Information Security at security@isc.upenn.edu

d.    Report the scam to the company that issued the gift card. There could be a slim chance they can recover funds for you. 

Contact

Contact your department’s LSP if you suspect an email account or computer compromise, or when receiving an email requesting you to purchase gift cards for a manager at Penn.

If you are unsure who your LSP is, report scams including phishing to the Office of Information Security at security@isc.upenn.edu, or 215-898-2171

Additional Information

To learn more about this scam and more visit:

  • Mention of gift card scams in the Almanac One Step Ahead in Observance of NCSAM, Vol 65 Issue 10, https://almanac.upenn.edu/articles/one-step-ahead-in-observance-of-ncsam.
  • Phishing & Spear Phishing https://www.isc.upenn.edu/phishing-spear-phishing.
  • Phishing Scheme Targets Professors’ Desire to Please Their Deans https://www.chronicle.com/article/Phishing-Scheme-Targets/245535.
  • Federal Trade Commission Consumer Information - Paying Scammers with Gift Cards https://www.consumer.ftc.gov/articles/paying-scammers-gift-cards

Visit ISC on LinkedIn

Print
InfoSec Home
Resources
  • Phishing & Spear Phishing
  • Desktop Security 101
  • Information Security News & Alerts
Contact InfoSec
  • Computing Policies
  • Tech Jobs @ Penn

© 2025 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104 — Report accessibility issues and get help — For ISC Staff