Large Phishing Campaign launched against Penn last night
March 26, 2020
Between 9pm and 10pm last night a large number of Penn community members received a message with the subject “Changes on Staff Pay and Benefits”.
From the Office Of Information Security:
The Office of Information Security has received reports of a large phishing attack on the Penn Community. Between 9pm and 10pm last night a large number of Penn community members received a message with the subject “Changes on Staff Pay and Benefits”. This message is labeled as coming from the address corwin.l[at]upenn.edu. There is a link in the email directing people to a mock Penn Weblogin screen. Once a user enters information into the site they are redirected (unauthenticated of course) to the Penn Workday web page
We have blocked the URL of the malicious site in SafeDNS and on the Campus Firewall. Additionally, we have reach out to the hosting company of the offending site and asked them to take this down. We have also asked Palo Alto to recategorize this URL as a malicious phishing site in their URL filtering rules.
If a user has clicked on this link and entered their credentials please have them reset their Pennkey immediately and contact security@upenn.edu. Once they have reset their Pennkey they should immediately login to workday and make sure that their contact information and payroll routing information is correct.