Sent: Thursday, June 22, 2017 2:59:07 PM
Subject: PSU MAIL UPDATE…
This phish attempts to pretend that your account is marked for deletion and will be going away if you do not take action. The message seems to be urgent and threatens action if the user does not click on the link.
Going through the messsage section by section, there are several issues that give it away as a phish.
Subject: “Message from admin-support” or “WARNING!!!”
Date: June 25, 2016 9:17 AM
From: “PSU” <email@example.com>
YOUR ACCOUNT IS MARKED AND WILL BE DEACTIVATED IF NOT VERIFIED NOW.
Verify-now (http://www.gloomky.com/wp-admin/css/PSU/ <- The link given has nothing to do with Penn State – it’s a gloomky.com address designed to harvest passwords.
This phish references psu.edu, but the linked Google form features the seal from Pangasinan State University in the Phillipines. Aside from that, the “from” address has nothing to do with Penn State, and the poor grammar and vagueness of the message are clear tip-offs that this is a phish. Even the linked Google form states “Never submit passwords through Google Forms.”
From: “Fadi Suboh” <firstname.lastname@example.org>
Sent: Friday, May 13, 2016 1:22:04 PM
Subject: Attention PSU Domain User
Attention PSU Domain User,
Kindly Update your psu.edu Email account on our School Domain, Latest Virus threat has been detected on our Data-base and all users on our domain are required to Click Here (<- links to a Google form with the Pangasinan State University seal) and fill the required information