This phishing message pretty much does everything wrong. The “From” address ends in @psu.secure, which is not a Penn State domain, the “To” address is the same as the “From,” the greeting is generic, the message itself is downright confusing and rife with simple grammatical mistakes, and the signature uses “PSUYI” which doesn’t correspond with the University’s identity at all. The one this these spammers did well was to link to a forged WebAccess login page, but that page is in the drbauknecht.de domain, which is a clear indicator that it isn’t legitimate.
From: “Penn State University” <noreply@psu.secure>
To: “footman” <noreply@psu.secure>
Sent: Sunday, May 22, 2016 10:46:02 AM
Subject: Important Notice From Admin…
Dear Student,
Have you heard of the new development about the school routes and changes of Lecturals and Professors..
CHANGED_LECTURAL AND PROFESSOR (<- Links to a forged WebAccess login page in the drbauknecht.de domain)
PSUYI MANAGEMENT.