This phishing message really tried to look like it was from Penn State, but didn’t do a great job of it. The “from” address spoofed a Penn State address, but was actually a compromised California State University, Fresno address. There was no “to” address, meaning that anyone who received this got it via a blind courtesy copy (BCC). The phishers tried to use an image, but the URL for it didn’t work properly. The spelling and grammar in the message isn’t the worst we’ve seen, but it’s bad enough to be a tip-off that something isn’t right. And the link in the message goes to a forged Cal State Fresno website that is clearly hosted on Weebly.
From: “email@example.com” <firstname.lastname@example.org>
Sent: Wednesday, June 15, 2016 6:58:00 PM
Subject: Sign-in Attempt
On Tuesday, June 14, 2016 5:38 PM GMT+2, we noticed several unsuccessful sign in attempt to your Email account from an unrecognised device in Mexico.
If this was you, it’s okay you’re all set!
If this wasn’t you and believe someone may have tried to access your account, please review your information to protect your Email account here (<- goes to a forged Cal State Fresno website hosted on Weebly) and update your account recovery information.
Penn State campus email technology service.
Replies sent to this email cannot be answered.