This phish actually addressed users by their Penn State email address, but in a very confusing way. “Secure firstname.lastname@example.org” is not a conventional greeting. The from address looks Penn State-related, but uses psu.secure, which is not used by the University. This message also tells people to upgrade their server, which is not something the average person would ever need to do. The link provided goes to a forged Penn State WebAccess login page used for collecting user IDs and passwords for the scammers to use later. And finally, the message threatens that inaction will result in a required visit to an office – another common tactic that scammers use to try and trick people into falling for their trap.
From: “Penn State University” <email@example.com>
To: “Xxxxx Xxxxxx” <firstname.lastname@example.org>
Sent: Monday, May 16, 2016 4:16:45 PM
Subject: Important Notice From Admin: CODE#
Please Upgrade your server now to avoid fraud spam fake emails through our service:-
Upgrade_SSL (<- Link goes to a forged WebAccess login page)
P.s:-No action taken in the next 48hours,your mail will be disable, Hence you will need to come to our office for clearification.
Penn State Managment.