
Background

Taking advantage of a recent increase in teleworking during the COVID-19 pandemic, cybercriminals are targeting employees working from home with fraudulent termination phishing emails. The email carries a subject line designed to attract the recipient’s attention, such as an invitation to a virtual meeting to discuss termination, for example “Termination Review Meeting” or “Join this live Meeting.”

The email message may contain information on the organization’s termination process and an invitation to a virtual meeting. The message directs employees to click on a phishing link to access termination severance benefits. Once an employee clicks on the fraudulent link, they are either directed to a black screen or the login credentials stored on their virtual meeting platform are compromised.

This is not how Penn does business. If you receive an email that appears to come from Human Resources or management with a termination subject line or an invitation to join a meeting:

Recommendations to protect yourself

1. Avoid the urge to click on links or attachments

Avoid the urge to click on an email link or attachment. Instead, contact your department IT support staff or your manager for verification.

2. Hover over the sender's email address 

Hover over the sender’s email address (or on a mobile device, tap it) to check the full email address. While the full email address can be faked, looking at it closely is a good way to confirm whether a message is a scam. Emails purporting to come from Penn should have a full email address ending with upenn.edu.  A Penn email address might also carry a School or Center name between the @ sign and the upenn.edu. For example, an email address ending with @isc.upenn.edu comes from Penn Information Systems and Computing. 

3. Verify virtual meeting platform

Verify with your department’s IT support staff the virtual meeting platform used internally by your School/Center. 

4. Do not share virtual meeting links publicly

Do not share links to internal department or school virtual meetings publicly, and consider using a password or PIN for teleconference or web meetings. Please see the OIS advisory “Zoombombing Allows Uninvited Guests Join a Zoom” for information on how to limit the reuse of meeting access codes.

5. Be aware of social engineering techniques

Be aware of social engineering techniques using urgent-sounding messages that attempt to steal your password and sensitive information or install malicious software to gain complete control over your device.
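
For IT support staff who triage reported messages, the sender check from recommendation 2 can be written as a short script. This is an added example, not code from Penn or OIS; the verdict names and the sample From headers are constructed for illustration.

```python
from email.utils import parseaddr

PENN_DOMAIN = "upenn.edu"  # the advisory's rule: Penn addresses end with upenn.edu

def under_penn(domain: str) -> bool:
    """True for upenn.edu itself or a School/Center subdomain such as isc.upenn.edu."""
    return domain == PENN_DOMAIN or domain.endswith("." + PENN_DOMAIN)

def check_sender(from_header: str) -> tuple[str, str]:
    """Classify a From header; returns (verdict, domain of the real address)."""
    display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return "unparseable", ""
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if under_penn(domain):
        # Matches the naming rule only; the advisory notes the address can be faked.
        return "penn-domain", domain
    if PENN_DOMAIN in display.lower():
        # The display name shows a Penn address, but the real address is elsewhere.
        return "display-name-mismatch", domain
    if "upenn" in domain:
        # The name is embedded in another domain, e.g. upenn.edu.example.net.
        return "lookalike", domain
    return "external", domain

SAMPLES = [  # constructed From headers, not taken from real messages
    'Human Resources <hr@isc.upenn.edu>',
    '"HR hr@upenn.edu" <alerts@example.net>',
    'HR <hr@upenn.edu.example.net>',
    'HR <hr@notupenn.edu>',
    'Meetings <invite@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A "penn-domain" verdict only means the address follows the naming rule, so verification with IT support staff or a manager still applies.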

What to do if you fell victim to an email scam

If you think you fell victim to such an email scam, please contact your department’s IT support staff immediately. If you don’t know who your IT support staff is, report the incident to the Office of Information Security at phishing@isc.upenn.edu.

Resources on Social Engineering and Phishing