Skip to main content
Penn Information Systems & Computing Systems Logo
  • Get Started
    • IT Staff
    • Faculty
    • Staff
    • Students
    • Alumni & Guests
    • ISC Staff
  • Services
    • — Services A to Z —
    • Accounts, Access & Security
      • Access Management Services
      • Active Directory
      • Identity Management Services
      • Information Security Services
    • Applications & Data Analytics
      • Application Development & Delivery
      • Data Analytics
        • Data Analytics at Penn
      • Integration Development & Delivery
    • Backup, Storage & Platforms
      • BackItUp
      • Backup for Desktop & Laptop
      • Cloud Solutions
      • Data Center Services
      • Database & Middleware Services
      • Endpoint Management
      • Recovery Services
      • Storage
      • Virtual Desktop
      • Virtual Server Hosting
    • Community, Support & Learning
      • Classroom Technology Services
      • IT Community Events
      • Knowledge Link
      • LinkedIn Learning
      • Provider Support Services
      • Tech Center
    • Consulting & Professional Services
      • Brokered Products
      • HireIT
      • Systems Support & Consulting
      • Technology Forecasting
    • Email, Calendaring & Collaboration
      • Classlists
      • Penn Email Routing
      • Penn+Box
      • PennNet Mailing Lists
      • PennO365
      • SMTP-Relay
      • Secure Share
    • Networks & Connectivity
      • Firewall Services
      • Network Design & Installation
      • Network Names & Numbers
      • PennNet
        • MAGPI (Penn's Internet2 Regional Optical Network)
      • PennNet Ethernet Ports
      • Wireless at Penn
    • Phone, TV & Video
      • Broadcasting Studio
      • Contact Center
      • Digital Signage
      • Live Video Streaming
      • Penn Video Network
      • PennNet Phone
      • Traditional Telephony
      • Video Content Management
      • Video Production
        • Producing Video Content
    • Web Hosting
      • Web Services
    • — Service Rates —
    • — Service Level Agreements —
  • Security
    • Office of Information Security
    • Security Services
    • Special Projects
    • Policies & Procedures
    • Training & Awareness
    • About the OIS
  • Collaborations
    • Engaging Penn’s IT Community
    • Identity & Access Management
    • Cloud First
    • Next Generation Unified Communications
    • IT Advisory Groups
      • Common Solutions
      • IT Roundtable
      • Network Policy Committee
      • Penn Technology Investment Committee
        • About PTIC
    • Special Interest Groups (SIGs)
      • Audio-Visual (AV-SIG)
      • Cloud Computing (Cloud-SIG)
      • Data Visualization (DataViz-SIG)
      • Developer SIG (Dev-SIG)
      • High-Performance Computing (HPC-SIG)
      • Instructional Technology SIG
      • Linux SIG
      • Macintosh Networking Group (MacNet)
      • Mobile Technologies (Mobile-SIG)
      • O365 Special Interest Group
      • PC Networking Group (PC-Net)
      • Project Partners SIG
      • Security SIG
      • Social Media SIG
      • Splunk Special Interest Group
      • Super User Group (SUG)
      • Web SIG
    • Technology Services Strategy Review Board
  • News
  • Events
  • About
    • Overview
    • Leadership & Groups
    • Purpose & Values
    • ISC Priorities Program
    • Recognition
    • Tech Jobs @ Penn
    • Contact Us
  • Hot Topics
  • Get Help
    • Support Center
    • Contact ISC Client Care
    • Rates for All Services
  • Find my LSP
  • Penn
System Status

Search form

You are here

Home » Gift Card Scams Hitting Penn

Gift Card Scams Hitting Penn

Penn Office of Information Security (OIS) is noticing a rise in gift card phishing scams on campus. The scammer sends an email message to Penn staff pretending to be high-ranking administration personnel, e.g., School Dean, Executive Director, Provost or the President. The message indicates the sender is occupied and in need of immediate assistance in purchasing gift cards from a specific store or brand for a specific amount. The message also requests that the recipient send back the gift card codes to the sender either by taking a picture of the codes and send the image back as an email attachment or send back the list of codes in an email. 

Impact

This type of social engineering scam has an impact on the recipient and the University.

  • The recipient’s financial loss when personal funds are used to purchase the gift cards.
  • Penn financial loss when PCARD is used to purchase the gift cards.
What do you need to do?

To protect yourself from falling victim to gift card scams:

1.    Pay attention to the sender’s email address. Usually, Penn employees use their work email address when conducting business at Penn. Assess whether the domain is legitimate, e.g., jsmith@upenn.edu. The domain is “upenn.edu.”

2.   This is not how Penn does business. Penn personnel will NOT ask for assistance in purchasing gift cards for personal purposes.

3.    In some cases, scammers spoof a Penn legitimate sender email address, e.g., jsmith@upenn.edu. Often, those scammers change the email address in the reply to field to something like jsmith@msn.com. To verify, hit reply and the To field may change to the non-Penn email address. Make sure not to press send. 

4.    Verify the message with your manager or your IT support provider (LSP) before you respond.

5.    If you have fallen victim to this type of scams:

a.    Report the incident to your local police

b.    Report the incident to your LSP

c.    If you don’t know who your LSP is, report the incident to the Office of Information Security at security@isc.upenn.edu.

Contact

Contact your department’s LSP if you suspect an email account or computer compromise, or when receiving an email requesting you to purchase gift cards for a manager at Penn.

If you are unsure who your LSP is, report scams including phishing to the Office of Information Security at security@isc.upenn.edu, or 215-898-2171.

Additional Information

To learn more about this scam and more visit:

  • Mention of gift card scams in the Almanac One Step Ahead in Observance of NCSAM, Vol 65 Issue 10, https://almanac.upenn.edu/articles/one-step-ahead-in-observance-of-ncsam.
  • Phishing & Spear Phishing https://www.isc.upenn.edu/phishing-spear-phishing.
  • Phishing Scheme Targets Professors’ Desire to Please Their Deans https://www.chronicle.com/article/Phishing-Scheme-Targets/245535.
Share:
  • Facebook
  • Twitter
Print
InfoSec Home
Resources
  • Phishing & Spear Phishing
  • Desktop Security 101
  • Information Security News & Alerts
Contact InfoSec
  • Computing Policies
  • Tech Jobs @ Penn
System Status

© 2019 THE UNIVERSITY OF PENNSYLVANIA — 3401 Walnut Street, Philadelphia, PA 19104 — Report accessibility issues and get help — For ISC Staff