Penn Targeted Phishing Attack (10/10/2013)
From Penn's Office of Information Security, October 10, 2013:
"Penn is currently being targeted with a phishing attack that is convincing enough that users are filling out the form with legitimate data including PennKey/password/DOB/SSN. If you receive an email with a link to the form below, do NOT click the link. Ignore or delete the email, and forward the email to our office: email@example.com.
If you clicked the link but did not enter any personal information, you are not at risk: simply quit your web browser.
If you did follow the email link and you entered legitimate information into the form in the last 24 hours, please change your PennKey password IMMEDIATELY and inform your local support provider as well as Information Security. We had a similar attack recently and created a rule to detect this specific attack, but unfortunately we have identified numerous users who have indeed filled out the form with legitimate information. We will keep an eye on this situation and inform the appropriate contacts of verified data exposure.
This is a very dangerous attack as the attackers are trying to gain credentials that would allow them specific access to Penn applications such as My Tax and My Pay, possibly for identity theft and to divert your paychecks to another banking account you don’t own.
Office of Information Security
Example of phishing e-mail:
Example of phishing login page: