The Daily Pennsylvanian is a student-run nonprofit.


While the email may initially appear to be legitimate, the "From:" header indicates that the emails were sent from an email account for a doctor associated with the University of Adelaide. 

Credit: Screengrab

A mass email sent this morning to a slew of Penn affiliates appears to be part of an email phishing scam.

Earlier this morning, an email was sent out to more than one hundred Penn-affiliated individuals. The email, which has the subject "case ID-0108520281," asks recipients to log out from their "old mail sessions."

Referencing a recent update to the Penn mail server, which does not appear to be real, the email instructs recipients "to end their old mail session and also login to begin a new session on the upgraded server to keep enjoying all the features of your email account."

The email also misspells Penn, referring to it as "The University Pennysylvia." 

The first link in the email, which ostensibly should link to a server for "mail-x.upenn.edu", directs users to an unreachable server entitled "mail-x.princeton.edu".

The second link sends the user to a fake PennKey login page, which asks the user to input their PennKey and password. Information Systems and Computing (ISC) has since added the URL to their list of known phishing scams. Trying to access the phishing link while on Penn's wireless network will now show a warning page.

"We get notified of phishing scams at least once a week," said senior ISC IT support specialist Dan Dougherty. Having only just begun his shift, he was unsure "if this is unusual in the number of people affected." A previous phishing scam, which targeted users' PennKey login information, affected Penn affiliates in October 2013.

While the email may initially appear to be legitimate, the "From:" header indicates that the emails were sent from an email account for a doctor associated with the University of Adelaide in Australia. When dialed, the phone number listed in the directory appeared to no longer work.

One of Penn's information security analysts, Michael Sanker, said in an email that they had already seen the message.

"We have entered the malicious links contained in this email to SafeDNS for blocking and have posted it to our Phish Archive page, available at: http://www.upenn.edu/computing/security/phish/," he wrote. "You may check the Phish Archive at any time to see what Phishes we have seen and acted upon."

Andrew Fischer and Dan Spineli contributed reporting. 

This is a developing story and was last updated on Sat., Feb. 11 at 5:20 p.m. Check back for updates.