Oops! You fell for a phish!
This is a simulated phishing exercise by the Penn School of Engineering and Applied Sciences (SEAS).
If this had been an actual attack, clicking on the link would have downloaded a malicious code (malware), sent you to a dangerous site, and exposed your system to ransomware, steal your information and identity, attack your contacts or files, or another cybersecurity threat.
How to recognize a phishing email:
- The sender may not be legitimate. Don't trust the FROM field - it can be spoofed.
Sometimes phishing messages even spoof the TO field. Read the FROM and TO fields carefully.
The message is not personalized to you. Your name is not stated in the message.
- An enticing subject line to lure you to read the message.
The subject line may indicate an account deactivation or service cancelation or winning a prize or a request for information. in this phishing email, the subject line indicates an approved transfer request from your retirement account.
- Grammatical and spelling errors.
Noticeable grammatical, spelling, and stylistic errors in the email message. The overall wording and "voice" seem a bit off.
- The email message elicits an action
Requests to click on a link, open an attachment or provide sensitive information. In case of a link, hover your mouse over the URL. Does the link look familiar?
If it is a link or attachment, check with your School or Center IT Support Staff if the email message claims to be from a Penn entity before you click on an email you were not expecting.
For Questions about this simulated phishing exercise, please contact your IT Support staff at phishing@seas.upenn.edu.
---------------------------------------------------
How to recognize the message you received is a phishing email