A fraudulent e-mail circulating around the University community was recently brought to the attention of the Penn Division of Public Safety.
The e-mail, which indicated that it had been sent by the International Information System Security Certification Consortium, asked recipients to pay a $10 fee in order to prevent outside marketing and research companies from accessing their personal information.
The Penn Police were notified about the message after receiving several queries into it from various members of the University community.
"Several of the e-mails were forwarded here to the Division of Public Safety," Penn Police Deputy Chief Bill Danks said. "We thought that it was a complete fraud -- maybe the company didn't exist, or someone made up the name for their own benefit."
Further investigation, however, revealed that while the Information System Security Certification Consortium -- or (ISC)2 -- is a legitimate company, the e-mail itself was part of a larger scam.
According to (ISC)2 spokeswoman Nancy Koprowski, a third party tapped into the company's computer system, which resulted in the use of (ISC)2's name in the e-mail.
"(ISC)2 had nothing to do with it," Koprowski said. "It's a hoax where someone obtained an e-mail list and made it sound like it came from us."
Koprowski said that members of (ISC)2, a consortium of information security professionals that trains and certifies information security professionals worldwide, were unaware of the fraudulent e-mail until they began to receive phone calls inquiring into the $10 fee.
"Everybody pretty much knows that this is a spoof and a crime," Koprowski said. "People will either ignore it because they know it's a hoax, or they'll call us to ask about it."
And while Koprowski could not cite the number of people who had received the message, she said that (ISC)2 had also received phone calls from Miami and Los Angeles.
According to Koprowski, (ISC)2 has not received any money from people responding to the e-mail's $10 fee request thus far. Moreover, since (ISC)2 has stated that it is not involved with the scam, it has agreed to immediately return any money that it may receive.
"To my knowledge, nobody [at the company] has received any [checks for $10]," Koprowski said.
After tracing the message back to (ISC)2, the Division of Public Safety sent out a notice warning the University community to disregard the content of any such e-mails that may be circulating.
"As far as we're concerned, it's a blip on the screen," Danks said. "It's an internal problem within the company and they're taking care of it."
Still, the recent circulation of this e-mail has raised concerns among administrators about the negative repercussions fraudulent e-mails may have.
Although University Information Security Officer David Millar said that most people do not fall for scams, there is no safeguard to prevent the mass circulation of e-mails.
"It's really not possible to prevent people from sending misleading e-mails," Millar said. "We see scams going through e-mail and people receive a lot of e-mail."
If anything, Millar stressed the importance of being able to distinguish fraudulent messages from regular ones.
"The message that I'd like to get across to people is that if they receive unsolicited e-mails asking for sensitive information, they should be skeptical and not provide sensitive information to outside parties, especially when the requests are unsolicited," Millar said.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.