Oops! You fell for a phish!
This is a simulated phishing exercise by your Center.
If this had been an actual attack, clicking on the attachment would have downloaded malicious code (malware), sent you to a dangerous site, exposed your system to ransomware, stolen your information and identity, attacked your contacts or files, or posed another cybersecurity threat.
How to recognize a phishing email:
- The sender may not be legitimate. Don't trust the FROM field - it can be spoofed. Sometimes, phishing messages even spoof the TO field. Read the FROM and TO fields carefully.
- An enticing subject line to entice you to read the message. The subject line may indicate an account deactivation, a service cancellation, a prize win, or a request for information. In this phishing email, the subject line urges you to download anti-virus software.
- Impersonal greetings. Generic greeting. If the email is not addressed to you in person, e.g., addressed to "staff" instead of your name, or doesn't include a greeting. The signature is vague, contains incorrect contact information, or omits the sender's contact information.
- Grammatical and spelling errors. Noticeable grammatical, spelling, and stylistic errors in the email message. The overall wording and "voice" seem a bit off.
- The email message elicits an action. Request to click on a link, open an attachment, or provide sensitive information. If there's a link, hover over the URL to check whether it looks familiar. If it is an attachment, check with your School or Center IT support staff about the legitimacy of the email before you click on an attachment you were not expecting.
For Questions about this simulated phishing exercise, don't hesitate to contact mtront@upenn.edu.
