Skip to main content
Visit Remote Work Tools & Guidelines and Student Remote IT Support for details on working remotely under the University's Coronavirus (COVID-19) recommendations
Penn Information Systems & Computing Systems Home

Search form

  • Find my LSP
  • Penn
System Status
  • Get Started
    • IT Staff
    • Faculty
    • Staff
    • Students
    • Alumni & Guests
    • ISC Staff
  • Services
    • — Services A to Z —
    • Accounts, Access & Security
      • Access Management Services
      • Active Directory
      • Identity Management Services
      • Information Security Services
    • Applications & Data Analytics
      • Application Development & Delivery
      • Data Analytics
        • Data Analytics at Penn
      • Integration Development & Delivery
    • Backup, Storage & Platforms
      • BackItUp
      • Backup for Desktop & Laptop
      • Cloud Solutions
      • Data Center Services
      • Database & Middleware Services
      • Endpoint Management
      • Recovery Services
      • Storage
      • Virtual Desktop
      • Virtual Server Hosting
    • Community, Support & Learning
      • Classroom Technology Services
      • Desktop Engineering
      • IT Community Events
      • Knowledge Link
      • LinkedIn Learning
      • Provider Support Services
      • Tech Center
    • Consulting & Professional Services
      • Brokered Products
      • HireIT
      • Systems Support & Consulting
      • Technology Forecasting
    • Email, Calendaring & Collaboration
      • Classlists
      • Penn Email Routing
      • Penn+Box
      • PennNet Mailing Lists
      • PennO365
      • PennZoom
      • SMTP-Relay
      • Secure Share
    • Networks & Connectivity
      • Firewall Services
      • Network Design & Installation
      • Network Names & Numbers
      • PennNet
        • MAGPI (Penn's Internet2 Regional Optical Network)
      • PennNet Ethernet Ports
      • Wireless at Penn
    • Phone, TV & Video
      • Broadcasting Studio
      • Contact Center
      • Live Video Streaming
      • Penn Video Network
      • PennFlex Phone
      • PennNet Phone
      • Traditional Telephony
      • Video Content Management
      • Video Production
        • Producing Video Content
    • Web Hosting
      • Web Services
    • — Service Rates —
    • — Service Level Agreements —
  • Security
    • Office of Information Security
    • Security Services
    • Special Projects
    • Policies & Procedures
    • Training & Awareness
  • Collaborations
    • Engaging Penn’s IT Community
    • Identity & Access Management
    • Cloud First
    • Next Generation Unified Communications
    • IT Advisory Groups
      • Common Solutions
      • IT Roundtable
      • Network Policy Committee
      • Penn Technology Investment Committee
        • About PTIC
    • Special Interest Groups (SIGs)
      • Audio-Visual (AV-SIG)
      • Cloud Computing (Cloud-SIG)
      • Data Visualization (DataViz-SIG)
      • Developer SIG (Dev-SIG)
      • High-Performance Computing (HPC-SIG)
      • Instructional Technology SIG
      • Linux SIG
      • Macintosh Networking Group (MacNet)
      • Mobile Technologies (Mobile-SIG)
      • O365 Special Interest Group
      • PC Networking Group (PC-Net)
      • Project Partners SIG
      • Security SIG
      • Social Media SIG
      • Splunk Special Interest Group
      • Super User Group (SUG)
      • Web SIG
    • Technology Services Strategy Review Board
  • News
  • Events
  • About
    • Overview
    • Leadership & Groups
    • Purpose & Values
    • Strategic Goals
    • Recognition
    • Tech Jobs @ Penn
    • Contact Us
  • Hot Topics
  • Get Help
    • Support Center
    • Contact ISC Client Care
    • Rates for All Services

You are here

Home » COVID-19 Scam – Be Aware of Fake Termination Email Invite

COVID-19 Scam – Be Aware of Fake Termination Email Invite

Taking advantage of a recent increase in teleworking during the COVID-19 pandemic, cybercriminals are targeting employees working from home with fraudulent termination phishing emails. The email carries a subject line that attracts the recipient’s attention; for example, an invitation to a virtual meeting to discuss termination, e.g. “Termination Review Meeting” or “Join this live Meeting.”

The email message may contain information on the organization’s termination process and an invitation to a virtual meeting. The message directs employees to click on a phishing link to access termination severance benefits. Once an employee clicks on the fraudulent link they are directed to a black screen or have their login credentials stored on the virtual meeting platform compromised.

This is not how Penn does business. If you receive an email that appears to come from Human Resources or management with a termination subject line or an invitation to join a meeting:

 

1. Avoid the urge to click on links or attachments.

Avoid the urge to click on an email link or attachment, instead, contact your department IT support staff or your manager for verification.

2. Hover over the sender's email address.

Hover over the sender’s email address (or on a mobile device, tap it) to check the full email address. While the full email address can be faked, looking at it closely is a good way to confirm whether a message is a scam. Emails purporting to come from Penn should have a full email address ending with upenn.edu.  A Penn email address might also carry a School or Center name between the @ sign and the upenn.edu. For example, an email address ending with @isc.upenn.edu comes from Penn Information Systems and Computing. 

3. Verify virtual meeting platform.

Verify with your department’s IT support staff the virtual meeting platform used internally by your School/Center. 

4. Do not share virtual meetings links publicly.

Do not share virtual department or school internal meetings links publicly and consider using a password or PIN for teleconference or web meetings. Please see the OIS advisory “Zoombombing Allows Uninvited Guests Join a Zoom” for information on how to limit the reuse of access meeting codes.

5. Be aware of social engineering techniques.

Be aware of social engineering techniques using urgent-sounding messages that attempt to steal your password and sensitive information or install malicious software to gain complete control over your device.

What to do if you fell a victim to an email scam?

If you think you fell a victim to such an email scam, please contact your department’s IT support staff immediately. If you don’t know who your IT support staff is, report the incident to the Office of Information Security at phishing@isc.upenn.edu.  

Resources on Social Engineering and Phishing
  • FBI Private Industry Notification on Cyber Criminals Take Advantage of COVID-19 pandemic to Target Teleworking Employees through Fake Termination Phishing Email and Meeting Invites
  • Zoombombing Allows Uninvited Guests Join a Zoom Session
  • Almanac One Step Ahead: Social Engineering-What’s the hype?
  • Phishing & Spear Phishing

 

Share:

  • Facebook
  • Twitter
Print
InfoSec Home
Resources
  • InfoSec Training & Awareness
  • InfoSec News & Alerts
Contact InfoSec
  • Computing Policies
  • Tech Jobs @ Penn
System Status

© 2021 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104 — Report accessibility issues and get help — For ISC Staff