How did I get here?
This message is part of an exercise conducted by SAS Computing and Penn’s Office of Information Security (OIS). We want to help you recognize phishing emails, including scams that try to take advantage of high-profile data breaches.
You may have already heard about some large-scale data breaches at well-known companies, including Ticketmaster, TIAA, and many others.
If your data are exposed as a result of a breach, you should receive a letter in the mail (not via email or text). The letter would include detailed information about the incident and an offer of credit monitoring services to help prevent fraud on your account.
Be suspicious if you receive a message claiming your personal information is at risk. Never enter your login credentials on an unknown website (hover over the link to check the URL). If you have any concerns about whether a notification is legitimate, you should go to the sender’s official website for more information or ask your LSP before clicking on any links.
A final word of warning: scammers like to exploit current events to add urgency to their schemes. This could include the upcoming elections or the recent hurricane disaster. Tax season is a favorite time for fake IRS warnings. Always be wary when you see messages that try to provoke an emotional response to spur you to take immediate action.
For more tips on protecting your data and accounts, see https://computing.sas.upenn.edu/infosec/protectyourpennkey
_________________________________________________________________________________________________________________
