Oops! You fell for a phish!
This is a simulated phishing exercise by your School.
If this had been an actual attack, clicking the link would have sent you to a malicious site and exposed your system to ransomware, malware, or other cybersecurity threats.
When you receive an unsolicited email with embedded web links, keep the following tips in mind:
- Watch for urgent or threatening language. Be immediately suspicious if the message tries to scare you, offers an incredible deal, prompts you to reset a password or update account information, or asks you to check your direct deposit.
- Check the sender’s email address carefully. Look for misspellings, extra characters, or unfamiliar domains that imitate legitimate companies. for example, (@upen.edu instead of @upenn.edu).
- Check each link by hovering over it to see its true source. If the URL is unfamiliar or differs from what you expected to see, don’t click.
- Be cautious with unexpected attachments
Unexpected attachments, especially.zip,.exe, or macro-enabled documents, may contain malware. Be careful with QR codes in emails or documents
Phishers increasingly use QR codes to bypass link detection.- Treat QR codes like links—don’t scan them unless you trust the source
- Be suspicious of QR codes claiming account issues, payments, or security alerts
- After scanning, check the URL before entering any information
- When possible, go directly to the official website instead of using the QR code
- Verify claims and offers via a trusted website or known phone number.
- Contact your IT support staff for advice if you’re unsure, and report suspicious emails to them.
For Questions about this simulated phishing exercise, don't hesitate to get in touch with your IT Support staff at vet-phishing@vet.upenn.edu.
