Stop Phishing Scams | PSU Password on a Non-PSU Service

“Account-Update”

July 16, 2018 by jcb388

This is to notify all the PSU students and staffs that your account information need to be updated in our database to avoid deactivation .Click
View here [<–Link leads to a phishing site with the sitebuilder.name.com domain] to update

This message may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, do not use, distribute, or copy this e-mail. Please notify the UC Irvine Health – Compliance and Privacy Office via email at hacompliance@uci.edu or by phone 888-456-7006 immediately if you have received this e-mail in error. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

You’ve been invited to view the following document (on Dropbox )

August 8, 2017 by gle13

From: “Dropbox” <no-reply@dropbox.com>
To: “Recipients” <no-reply@dropbox.com>
Sent: Tuesday, August 8, 2017 9:24:07 AM
Subject: You’ve been invited to view the following document (on Dropbox )

Hi there,

You’ve been invited to view the following document (on Dropbox )

Open Document below and sign in with your e-mail “username *******@psu.edu” to view shared documents.

Open Document [<–Link leads to a fake page in the alfalaktourandtravels.com domain]

NOTE: You are accessing a highly secured shared document.

Enjoy,

– The Dropbox Team

abc123@psu.edu 2 new Blackboard messages from IT Admin

August 23, 2016 by Paul Carlisle Kletchka

From: Pennsylvania State University I Blackboard <xxxxxx@uconn.edu>
Date: Tuesday, August 23, 2016 at 10:37 AM
To: <xxxxxx@psu.edu>
Subject: xxxxxx@psu.edu 2 new Blackboard messages from IT Admin

Dear xxxxxx@psu.edu,

You have 2 new messages from your University Technology Admin

posted to you through the Blackboard Learning System.

www.blackboard.com/blackboard/course/messagecenterxxxxxx@psu.edu36344331 (<– Link leads to a fake Blackboard login page)

Regards,
MY UNIVERSITY.
Admin Management

Phish from August 23, 2016 at 10:37 a.m.

This phishing message gives the impression that Penn State uses Blackboard for its LMS and there are messages waiting there for the recipient. However, Penn State uses Canvas and ANGEL, so that is one clue this is a bogus message. Additionally, the “from” address is a UConn email address, whereas a message about a central Penn State service would come from an official Penn State address. The link that is shown in the message is not the URL one is taken to if it’s clicked – the page it links to is in the ortopedicosfuturo.com domain, and is a fake Blackboard login page. And finally, while the message states that the recipient has 2 new messages, it doesn’t give any clear instructions on what needs to be done with them.

You have 1 document sent to you via Dropbox shared folder

August 5, 2016 by Paul Carlisle Kletchka

From: “Dropbox” <no-reply@dropboxmail.com>
To: “Recipients” <no-reply@dropbox.com>
Sent: Friday, August 5, 2016 3:50:42 PM
Subject: You have 1 document sent to you via Dropbox shared folder

You have 1 document sent to you via Dropbox shared folder

Log in with your Access ID ***@psu.edu to view shared document.

View Folder <– Link leads to a fake Dropbox log-in page hosted in the boxjewelry.ru domain

NOTE: You are accessing a highly secured shared documents.

Enjoy,
– The Dropbox Team

Dropbox keeps your files safe, synced, and easy to share. To view the document, open folder and sign in with your email to continue to Dropbox.
© 2016 Dropbox

Phish from August 5, 2016 at 3:50 p.m.

This phish is an almost identical repeat of a phish with the same subject from last week. The signs that it’s a phish are pretty much the same:

The generic “Recipients” in the To field
The lack of any mention of a specific person’s name in the greeting or information about the sharing properties of the supposed file
Penn State has no official affiliation with Dropbox, so you would never use your Access Account to log in to their service (Penn State uses Box, instead)
The address linked in the message is not a Dropbox URL, it is in the boxjewelry.ru domain and leads to a fake Dropbox login page

You have 1 document sent to you via Dropbox Shared Folder

July 25, 2016 by Paul Carlisle Kletchka

This phish does a good job of appearing to come from Dropbox, even though it does not. However, you can tell it’s a phish from several details:

The generic “Recipients” in the To field
The lack of any mention of a specific person’s name in the greeting or information about the sharing properties of the supposed file
Penn State has no official affiliation with Dropbox, so you would never use your Access Account to log in to their service (Penn State uses Box, instead)
The address linked in the message is not a Dropbox URL, it is in the ankarabeyazesyaservisi.net domain and leads to a fake Dropbox login page

Phishing Message from 4:07 p.m. on July 25, 2016

From: “Dropbox” <no-reply@dropboxmail.com>
To: “Recipients” <no-reply@dropbox.com>
Sent: Monday, July 25, 2016 4:07:58 PM
Subject: You have 1 document sent to you via Dropbox Shared Folder

You have 1 document sent to you via Dropbox Shared Folder

View folder below and sign in with your Penn State Access ID (***@psu.edu) and password to view the shared document

View Folder <– Link goes to a fake Dropbox login page

NOTE: You are accessing a highly secured shared documents.

Enjoy,
– The Dropbox Team

Dropbox keeps your files safe, synced, and easy to share. To view the document, open folder and sign in with your email to continue to Dropbox.