Skip to main content
Penn Information Systems & Computing Systems Logo
  • Get Started
    • IT Staff
    • Faculty
    • Staff
    • Students
    • Alumni & Guests
    • ISC Staff
  • Services
    • Accounts, Access & Security
      • Active Directory
      • Central Authentication & Authorization
        • CAA: Our Mission, Vision & Offerings
      • Identity Management Services
      • Information Security Services
      • Security Logging Service
      • Two-Step Verification
    • Applications & Data Analytics
      • Application Development & Delivery
      • Data Analytics
        • Data Analytics at Penn
      • Data Warehouse
      • Enterprise Integration Development & Delivery
    • Backup, Storage & Platforms
      • BackItUp
      • Backup for Desktop & Laptop
      • Data Center Hosting
      • Database Services
      • Endpoint Management
      • Recovery Services
      • Virtual Desktop
      • Virtual Server Hosting
    • Community, Support & Learning
      • Classroom Technology Services
      • IT Orientation
      • Knowledge Link
      • Lab Rentals
      • Lunchtime Learning
      • Lynda.com
      • Provider Support Services
      • Tech Center
      • Training
    • Consulting & Professional Services
      • HireIT
      • Project & Program Management
      • Systems Support & Consulting
      • Technology Forecasting
    • Email, Calendaring & Collaboration
      • Classlists
      • Forward-Only
      • Penn+Box
      • PennNet Mailing Lists
      • PennO365
      • SMTP-Relay
      • Secure Share
    • Networks & Connectivity
      • Firewall Services
      • MAGPI
      • Network Design & Installation
      • Network Names & Numbers
      • PennNet
      • PennNet Ethernet Ports
      • Wireless at Penn
    • Phone, TV & Video
      • Broadcasting Studio
      • Contact Center
      • Digital Signage
      • Live Video Streaming
      • Penn Video Network
      • Penn on iTunes U
      • PennNet Phone
      • Traditional Telephony
      • Video Content Management
      • Video Production
        • Producing Video Content
    • Web Hosting
      • Web Services
    • — Services A to Z —
    • — Service Rates —
    • — Service Level Agreements —
  • Security
    • Office of Information Security
    • Security Services
    • Special Projects
    • Policies & Procedures
    • Training & Awareness
    • About the OIS
  • Collaborations
    • Identity & Access Management
    • Cloud First
    • IT Advisory Groups
      • Common Solutions
      • IT Planning Task Force
        • About ITPTF
      • IT Roundtable
      • Network Policy Committee
    • Special Interest Groups (SIGs)
      • Audio-Visual (AV-SIG)
      • Cloud Computing (Cloud-SIG)
      • Data Visualization (DataViz-SIG)
      • Developer SIG (Dev-SIG)
      • High-Performance Computing (HPC-SIG)
      • Instructional Technology SIG
      • Linux SIG
      • Macintosh Networking Group (MacNet)
      • Mobile Technologies (Mobile-SIG)
      • O365 Special Interest Group
      • PC Networking Group (PC-Net)
      • Project Partners SIG
      • Security SIG
      • Social Media SIG
      • Splunk Special Interest Group
      • Super User Group (SUG)
      • Web SIG
    • Technology Services Strategy Review Board
    • Project Management Office
  • News
  • Events
  • About
    • Overview
    • Leadership & Groups
    • Purpose & Values
    • ISC Priorities Program
    • Recognition
    • Tech Jobs @ Penn
    • Contact Us
  • Hot Topics
  • Get Help
    • Support Center
    • Contact ISC Client Care
    • Rates for All Services
  • Find my LSP
  • Penn
System Status

Search form

You are here

Home » Gift Card Scams Hitting Penn

Gift Card Scams Hitting Penn

Penn Office of Information Security (OIS) is noticing a rise in gift card phishing scams on campus. The scammer sends an email message to Penn staff pretending to be high-ranking administration personnel, e.g., School Dean, Executive Director, Provost or the President. The message indicates the sender is occupied and in need of immediate assistance in purchasing gift cards from a specific store or brand for a specific amount. The message also requests that the recipient send back the gift card codes to the sender either by taking a picture of the codes and send the image back as an email attachment or send back the list of codes in an email. 

Impact

This type of social engineering scam has an impact on the recipient and the University.

  • The recipient’s financial loss when personal funds are used to purchase the gift cards.
  • Penn financial loss when PCARD is used to purchase the gift cards.
What do you need to do?

To protect yourself from falling victim to gift card scams:

1.    Pay attention to the sender’s email address. Usually, Penn employees use their work email address when conducting business at Penn. Assess whether the domain is legitimate, e.g., jsmith@upenn.edu. The domain is “upenn.edu.”

2.   This is not how Penn does business. Penn personnel will NOT ask for assistance in purchasing gift cards for personal purposes.

3.    In some cases, scammers spoof a Penn legitimate sender email address, e.g., jsmith@upenn.edu. Often, those scammers change the email address in the reply to field to something like jsmith@msn.com. To verify, hit reply and the To field may change to the non-Penn email address. Make sure not to press send. 

4.    Verify the message with your manager or your IT support provider (LSP) before you respond.

5.    If you have fallen victim to this type of scams:

a.    Report the incident to your local police

b.    Report the incident to your LSP

c.    If you don’t know who your LSP is, report the incident to the Office of Information Security at security@isc.upenn.edu.

Contact

Contact your department’s LSP if you suspect an email account or computer compromise, or when receiving an email requesting you to purchase gift cards for a manager at Penn.

If you are unsure who your LSP is, report scams including phishing to the Office of Information Security at security@isc.upenn.edu, or 215-898-2171.

Additional Information

To learn more about this scam and more visit:

  • Mention of gift card scams in the Almanac One Step Ahead in Observance of NCSAM, Vol 65 Issue 10, https://almanac.upenn.edu/articles/one-step-ahead-in-observance-of-ncsam.
  • Phishing & Spear Phishing https://www.isc.upenn.edu/phishing-spear-phishing.
  • Phishing Scheme Targets Professors’ Desire to Please Their Deans https://www.chronicle.com/article/Phishing-Scheme-Targets/245535.
Share:
Print
InfoSec Home
Resources
  • Phishing & Spear Phishing
  • Desktop Security 101
  • Information Security News & Alerts
Contact InfoSec
  • Computing Policies
  • Tech Jobs @ Penn
System Status

© 2019 THE UNIVERSITY OF PENNSYLVANIA — | 3401 Walnut Street | Philadelphia, PA 19104 - For ISC Staff