Cybersecurity Alert: Fake Phone Calls and Texts
Members of the Penn community are being targeted by cyber criminals making phone calls posing as IT support or other trusted contacts.
- The attacks start with a phone call or text that uses a faked caller ID, so the call appears to come from a credible number labeled something like "Penn IT Support".
- The attackers are professional and fluent in English, Penn terminology and Penn current events.
- Using a pretext such as the need to update an account in order to retain access, the attackers will attempt to direct potential victims to a website to log in and take various actions. This website will steal usernames and passwords, and the actions directed by the attacker will allow them to bypass Two Step Verification by having the victim approve push notifications or install malware on their computer, often by copying and pasting something from the website into a field on the victim's computer.
- Attackers may attempt to use their access to redirect employees' payroll direct deposit to attacker-controlled accounts, steal data from Penn applications, or use compromised email accounts to attempt to trick additional victims. Reporting attacks quickly is critical for preventing these outcomes.
If you are contacted by phone or text by someone purporting to be IT support or another Penn representative, please notify PMACS immediately. Users with PMACS accounts should submit a PMACS ticket with the words “Cybersecurity Concern” in the description. If you do not have a PMACS account, please email medhelp@pennmedicine.upenn.edu with the subject line “Cybersecurity Concern”.
Please reach out regardless of whether you took any steps directed by the attacker. No one at Penn will be shamed or punished for being tricked by criminals - but your fast reports will let us kick the attackers out of Penn systems before they can cause harm and help us protect you, your colleagues and Penn.