Oops! You fell for a phish!
This is a simulated phishing exercise by your Center.
If this had been an actual attack, clicking on the attachment would have downloaded malicious code (malware), sent you to a dangerous site, and exposed your system to ransomware, theft of your information and identity, attacks on your contacts or files, or another cybersecurity threat.
How to recognize a phishing email:
- The sender may not be legitimate. Don't trust the FROM field - it can be spoofed.
Sometimes phishing messages even spoof the TO field. Read the FROM and TO fields carefully.
- An enticing subject line to lure you into reading the message.
The subject line may announce an account deactivation, a service cancellation, a prize win, or a request for information. In this phishing email, the subject line urges you to download anti-virus software.
- Impersonal greetings.
The greeting is generic: the email is not addressed to you personally (e.g., it is addressed to "staff" instead of your name) or doesn't include a greeting at all. The signature is vague, provides wrong contact information, or lacks the sender's contact information.
- Grammatical and spelling errors.
The email message contains noticeable grammatical, spelling, and stylistic errors. The overall wording and "voice" seem a bit off.
- The email message elicits an action.
The message asks you to click on a link, open an attachment, or provide sensitive information. In the case of a link, hover your mouse over the URL to check whether the link looks familiar. In the case of an attachment you were not expecting, check with your School or Center IT support staff about the legitimacy of the email before you click on it.
For questions about this simulated phishing exercise, please contact magida@upenn.edu.
_________________________________________________________________________________________________________
The following image highlights the phishing clues in the simulated phishing message: