Oops! You fell for a phish!
This is a simulated phishing exercise by your Center.
If this had been an actual attack, clicking on the attachment would have downloaded malicious code (malware), sent you to a dangerous site and exposed your system to ransomware, theft of your information and identity, attacks on your contacts or files, or another cybersecurity threat.
How to recognize a phishing email:
- The sender may not be legitimate. Don't trust the FROM field - it can be spoofed.
Sometimes phishing messages even spoof the TO field. Read the FROM and TO fields carefully.
- An enticing subject line to lure you into reading the message.
The subject line may indicate an account deactivation, a service cancelation, a prize you have won or a request for information. In this phishing email, the subject line indicates important tax information needed during tax filing time.
- Impersonal greetings.
The greeting is generic: the email is not addressed to you in person (e.g., it is addressed to "staff" instead of your name) or doesn't include a greeting at all. The signature is vague, provides wrong contact information or lacks the sender's contact information.
- Grammatical and spelling errors.
The email message contains noticeable grammatical, spelling and stylistic errors. The overall wording and "voice" seem a bit off.
- The email message elicits an action.
The message asks you to click on a link, open an attachment or provide sensitive information. In the case of a link, hover your mouse over the URL: does the link look familiar? If it is an attachment and the email message claims to be from a Penn entity, check with your School or Center IT support staff before you click on an email attachment you were not expecting.
For questions about this simulated phishing exercise, please contact Victoria Iannotta at iannotta@upenn.edu.
_________________________________________________________________________________________________________
The following image highlights the phishing clues in the simulated phishing message:
