This phish used a compromised Penn Stater’s Access Account to be sent, but such a message would never be sent from an individual’s email address if it were legitimate. The link in the message goes to a jimdo.com address and uses Penn State’s academic seal on a form for collecting user IDs and passwords.
From: “XXXXX XXXXX” <firstname.lastname@example.org>
Sent: Monday, May 16, 2016 10:03:15 AM
Subject: Dear User
Due to recent upgrades on our servers Your 5 (Five) incoming Emails are on hold. Please validate below to retrieve your email
click RESET (<- Links to a bogus form requesting your user ID and password) to retrieve your email.
We are sorry for the inconvenient.
With best regards
IT HELP DESK