Stop Phishing Scams

The Latest Phishes Sent to Penn Staters

What Is Phishing?

Phishing is an attempt to steal personal information from someone, usually via a fraudulent email message or phone call. The people who do this pose as representatives of trusted, well-known organizations and ask for information that will allow them to impersonate their victims. The con artists behind these scams may try to gain information that could lead to identity theft or they may try to gather user IDs and passwords that give them access to electronic accounts.

This site has been set up to aid Penn Staters in identifying and reporting phishing scams that attempt to gather Access Account credentials – the user IDs and passwords used for Penn State IT services.

How to identify phishing scams

Sample email message with phishy attributes

Usually, something is just a bit “off” in a phishing message. Here are some of the things to look for:

  • A generic greeting – Phishing messages are usually sent out in waves to many people. The people who send them aren’t likely to take the time to personalize the messages, so they’ll address their targets with greetings like “Dear user,” “Penn State student,” or not at all. If your name doesn’t appear in the message, you should be suspicious.
  • Poor grammar and incorrect spelling – If a message is important, the organization sending it to you will take the time to have people look it over for mistakes. And although scammers have improved on this count as time has passed, take a look at some of our reported phishing messages and see if their quality rises to the level of “important official message.” If it doesn’t, you should be wary.
  • Forged links – Scammers will usually try to gain your information by directing you to a website where you are prompted to enter and submit your personal information. The links they provide for these websites often look like they are an appropriate address, but if you roll or “hover” your mouse over the link and observe the text that pops up, you’ll likely see an unrelated website address. If the two addresses don’t match up, watch out – the message is likely to be a scam.
  • A request for personal information – Phishing messages are sent in an attempt to trick you into handing over your personal information. If you receive a message asking for your personal information, it’s likely a phishing attempt.
  • A sense of urgency – Scammers don’t want you to think about their message. They want you to take action on it. So they will often try to make you think that something has happened that requires you to immediately act. Don’t be fooled into quickly handing over your password or other information – if an organization believes that your account has been hacked, they will lock it so no one can access it. There will be no rush for you to verify information, because until you prove you’re you, no one will be able to log in to your account.

So, armed with this information, are you ready to help stop phishing scams at Penn State? If so, learn how to report phishing messages.