This phish appears to come from the Penn State Webmail team, but the “From:” address is actually a Comcast account. There is no “To:” address on the message, which indicates that everyone who received it was in the “Bcc:” field. The greeting is a very generic “Dear PSU User” rather than a personalized one; if there were truly a problem with your account, you would be addressed specifically in the message. The link in the message leads to an address in the jonkerbouw.nl domain, which is definitely not a Penn State address. The message also threatens that your account will be suspended if you don’t take immediate action, which is another clear giveaway that this is a phish.
From: Penn State Webmail [mailto:firstname.lastname@example.org]
Sent: Tuesday, July 26, 2016 2:30 PM
Subject: Pennsylvania State University : Webmail Account Security Alert.
Dear PSU User,
Your Penn State Webmail E-mail Account is due for upgrade.
Kindly upgrade immediately to avoid E-mail Account suspension or shut down.
Click Here To Upgrade Now [links to a fake WebAccess page in the jonkerbouw.nl domain]
Note-: Please kindly upgrade your Penn State Webmail E-mail Account immediately, failure to do so will lead to account suspension.
Customer Service Webmail…
© 2016 Pennsylvania State University
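
The five giveaways described above can be checked mechanically. The following is an added example, not part of the original alert: the sample message is constructed, the sender address and link path are placeholders, and treating psu.edu as the only trusted domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modeled on the message above; the sender address and
# link path are placeholders, not values taken from the real phish.
SAMPLE = """\
From: Penn State Webmail <sender@comcast.example>
Subject: Pennsylvania State University : Webmail Account Security Alert.
Content-Type: text/html

<p>Dear PSU User,</p>
<p>Kindly upgrade immediately to avoid E-mail Account suspension or shut down.</p>
<a href="http://jonkerbouw.nl/PLACEHOLDER-PATH">Click Here To Upgrade Now</a>
"""

TRUSTED = "psu.edu"  # assumption: the only legitimate mail/web domain
URGENCY = re.compile(r"\b(immediately|suspension|suspended|shut ?down)\b", re.I)
GENERIC = re.compile(r"\bdear\s+(\w+\s+)?(user|customer|member)\b", re.I)

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phish_indicators(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    name, addr = parseaddr(msg.get("From", ""))
    found = []
    # Display name claims the institution, but the address is elsewhere.
    if re.search(r"penn state|psu", name, re.I) and not in_domain(addr.rpartition("@")[2], TRUSTED):
        found.append("sender_mismatch")
    # No visible recipient header: everyone was placed in Bcc.
    if not msg.get("To") and not msg.get("Cc"):
        found.append("no_to_header")
    if GENERIC.search(body):
        found.append("generic_greeting")
    if URGENCY.search(body):
        found.append("urgency_threat")
    # Any link whose host falls outside the trusted domain.
    hosts = [urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body, re.I)]
    if any(not in_domain(h, TRUSTED) for h in hosts):
        found.append("offsite_link")
    return found

if __name__ == "__main__":
    print(phish_indicators(SAMPLE))
```

No single indicator is conclusive on its own; the value is in several firing together, as they do for this message.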