Penn's Office of Information Security has alerted us that our peers are being targeted by malicious voice and text messages. In this case, the adversaries are impersonating university IT staff with text messages to personal mobile phone numbers indicating that a login is required to set up Passkeys for email access. If a user interacts with the text, the attacker follows up with a phone call credibly impersonating the help desk, with the caller knowing the user's name and title. The caller will attempt to direct the user to log in to a fake Penn login on a website potentially of the form IT-Upenn[.]com in order to compromise their account. Please contact us at ithelp@design.upenn.edu if you receive any suspicious texts or calls so we can coordinate a response with the Office of Information Security.
