Stop Phishing Scams

The Latest Phishes Sent to Penn Staters

Notice From Admin To Everyone..

by

This phish makes reference to student performance, perhaps in an effort to scare those who are concerned about their grades. However, the generic greeting and “To” address, along with the horrendous grammar, are big tip-offs that this is a phishing message. The link, if clicked, goes to a forged WebAccess page that allows the scammers to collect user IDs and passwords for later use.

Phish from 5/15/2016 at 10:22 a.m.

From: “Penn State University” <noreply@psu.securemin>
To: “Recipients” <noreply@psu.securemin>
Sent: Sunday, May 15, 2016 10:22:22 AM
Subject: Notice From Admin To Everyone..

Dear Valued Student,

About your last year performance,we hope you did change this time around and make sure to update this informations given to you:-

UPDATE_INFO (<- Link goes to a forged WebAccess login page)

Penn State Management.

Attention PSU Domain User

by

This phish references psu.edu, but the linked Google form features the seal from Pangasinan State University in the Phillipines. Aside from that, the “from” address has nothing to do with Penn State, and the poor grammar and vagueness of the message are clear tip-offs that this is a phish. Even the linked Google form states “Never submit passwords through Google Forms.”

Phish from 5-13-2016 at 1:22 p.m.

From: “Fadi Suboh” <xxxxx@xxxxx.xxx>
Sent: Friday, May 13, 2016 1:22:04 PM
Subject: Attention PSU Domain User

Attention PSU Domain User,

Kindly Update your psu.edu Email account on our School Domain, Latest Virus threat has been detected on our Data-base and all users on our domain are required to Click Here (<- links to a Google form with the Pangasinan State University seal) and fill the required information

Thanks
Administrator

Penn State: Review of all accounts

by

This phish provides a link to a forged Penn State WebAccess login page. The traits that give it away as a phish are the generic greeting and “To:” name, as well as the poor grammar, the vague reason for directing users to log in, and the appearance of the message coming from University “administration.” Dr. Barron and the rest of the President’s office will leave such messages to IT staff.

Phish from 5/12/2016 at 4:18 p.m.

From: administration@psu.edu
To: “Recipients” <administration@psu.edu>
Sent: Thursday, May 12, 2016 4:18:34 PM
Subject: Penn State: Review of all accounts

Notification:

To ensure that you have better security
We have a strict review process on your account
All updates completed will take effects within 24 hours

Log in (<- link goes to a forged Penn State WebAccess login page)

Administration

The Pennsylvania State University · Copyright 2016

Important Note From Admin..

by

This is another official-looking message that uses the new Penn State mark. However, it also uses a generic greeting, is poorly written, and is very unclear in its directions. The link within the message takes one to a forged Penn State WebAccess login page, which is clear by the address of that page.

Phish from 5/11/2016 at 2:45 p.m.

From: “PSUAlert” <No_reply@Psu.adminin>
To: “Recipient” <No_reply@Psu.adminin>
Sent: Wednesday, May 11, 2016 2:45:44 PM
Subject: Important Note From Admin..

Dear Valued Student,

We implore you all student to read and reply back to us about this news :-

READ_NOW (<- Links to a fake WebAccess page)

Penn state Management.

Pennsylvania State University : Webmail Security Alert.

by

This message appears quite official, even using the new Penn State mark. However, it comes from a Hotmail address and if you hover your mouse over the link in the message, you’ll see that it points to a Russian website. If you followed that link and entered your password, please make sure to change your Penn State Access Account password right away.

Phish from 5/9/2016 at 10:14 a.m.

From: “Penn State Webmail” <gareth_morgan11@hotmail.com>
Sent: Monday, May 9, 2016 10:14:03 AM
Subject: Pennsylvania State University : Webmail Security Alert.

Dear PSU User,

Your Penn State Webmail Account has expired.
Please activate your Webmail account immediately or your account will be closed or wouldn’t be able to send or receive mail.

Click here to reactivate https://webmail.psu.edu/ (<- actual link is a fake WebAccess page hosted on a Russian domain)

Regards
Customers Service.
Pennsylvania State University.