Stop Phishing Scams

The Latest Phishes Sent to Penn Staters

You have a New File –OR– Greetings! New Memo from HR Department -OR-xxx

by

Phishing message from 1:06 p.m. on July 5, 2017

From: “Navjot Barney” <Navjot.Barney@xxx.xx>
Sent: Wednesday, July 5, 2017 1:06:14 PM
Subject: You have a New File

Greetings,

You have a message from the Human Resources Department.

Click here [<– link leads to a fake Outlook Web App login page in the telephonedepositiondirectory.com or charviassociates.net or alexender.tk domain] to view your message

Copyright © 2017 Pennsylvania State University. All rights reserved.

 

The slightly different message with the subject “Greetings! New Memo from HR Department” links to the same fake Outlook Web App login, but has a greeting that is personalized with the recipient’s email address.

new message from Pennsylvania State University

by

Penn Staters continue to receive variations of a phishing campaign that first showed up in early March of 2017. That message, reported in this linked post, looks the same as messages received today. The only difference in the messages is that the new ones direct users to a fake WebAccess page in the gdsecuritysolutions.com domain.

Payroll schedule message.

by

From: “Pennsylvania State University Support.” <W809018@usm.edu>
To: “;'” <W809018@usm.edu>
Sent: Tuesday, June 20, 2017 11:22:18 AM
Subject: Payroll schedule message.

1 New Notification Regarding Your 2017 Payroll

http://www.psu.edu/h/payr0ll/2017/f0rmspdf. [<– Link text is not the actual address. It goes to a fake WebAccess login in the beecompliant.net domain]

The Pennsylvania State University.

Verify your account.

by

From: “PennState Webmail” <xxxxxxx@psu.edu>
Date: Tue, Jun 20, 2017 08:16 AM
Subject: Verify your account.
To:

You have 1 important mail alert!

We strongly advise you should update your account and resolve the problem.

Click here [<– Link leads to a fake WebAccess page in the specialitapizzimenti.com domain] to proceed

Failure to do this will lead to your account been suspended or de-activated.

Thanks for your co-operation.

Regards,
PennState WebMail! Account Services

psu.edu UPDATE

by

Phishing message from 1:12 p.m. on June 19, 2017

From: “xxxxxxxxx (xxxxxxxxx)” <xxxxxxxx@assumption.edu>
Sent: Monday, June 19, 2017 1:12:57 PM
Subject: psu.edu UPDATE

Dear psu.edu User,

This is to inform you that psu.edu security center is shutting down some accounts due to congestion. This notification has been sent regardless of your last login date and you are required to access your account by clicking the link below to confirm usage and enjoy uninterrupted services.

Notification Date: June 19th, 2017

To update your services; Click UPDATE [<– Link leads to a fake Zimbra login page in the 000webhostapp.com domain]

The Account Update Team at psu.edu Mail! thank you for being on the network and apologize for any inconvenience caused.

ABOUT THIS MESSAGE:

This service message was delivered to you as a psu.edu Mail ! customer to provide you with account updates and information about your account benefits.