Stop Phishing Scams | generic greeting

Important Note From Admin..

May 11, 2016 by Paul Carlisle Kletchka

This is another official-looking message that uses the new Penn State mark. However, it also uses a generic greeting, is poorly written, and is very unclear in its directions. The link within the message takes one to a forged Penn State WebAccess login page, which is clear by the address of that page.

Phish from 5/11/2016 at 2:45 p.m.

From: “PSUAlert” <No_reply@Psu.adminin>
To: “Recipient” <No_reply@Psu.adminin>
Sent: Wednesday, May 11, 2016 2:45:44 PM
Subject: Important Note From Admin..

Dear Valued Student,

We implore you all student to read and reply back to us about this news :-

READ_NOW (<- Links to a fake WebAccess page)

Penn state Management.

Pennsylvania State University : Webmail Security Alert.

May 9, 2016 by Paul Carlisle Kletchka

This message appears quite official, even using the new Penn State mark. However, it comes from a Hotmail address and if you hover your mouse over the link in the message, you’ll see that it points to a Russian website. If you followed that link and entered your password, please make sure to change your Penn State Access Account password right away.

Phish from 5/9/2016 at 10:14 a.m.

From: “Penn State Webmail” <gareth_morgan11@hotmail.com>
Sent: Monday, May 9, 2016 10:14:03 AM
Subject: Pennsylvania State University : Webmail Security Alert.

Dear PSU User,

Your Penn State Webmail Account has expired.
Please activate your Webmail account immediately or your account will be closed or wouldn’t be able to send or receive mail.

Click here to reactivate https://webmail.psu.edu/ (<- actual link is a fake WebAccess page hosted on a Russian domain)

Regards
Customers Service.
Pennsylvania State University.

Dear psu.edu User

May 2, 2016 by Paul Carlisle Kletchka

Phish from 5/2/16 at 1:05 p.m.

From: “REDACTED” <XXXXXX@psu.edu>
To: <noreply@ux.account.microsoft.com.akadns.net>
Subject: Dear psu.edu User
Date: Mon, 2 May 2016 13:05:25 -0400

Dear psu.edu User,

Due to database maintenance that is happening in our psu.edu mail message center, we are currently deleting ALL inactive and hacked psu.edu E-mail account from our email account database, with this new improved security software it will provides our users with a new security system to protect our users from getting their psu.edu E-mail accounts hacked.

We recommend that you update your account now to avoid termination or account de-activation.

CLICK HERE ADMIN SYSTEM (<- links to a page that asks for account credentials) to verify your mail account.

We are sorry for the inconvenient.
Thank you for your support!
Sincerely,
The psu.edu Team
The Official Email Provider of the Conservative Movement™
Please keep this email – it contains all of your important links:
=============================================================================================

Important Message:-we do no request for anyones password!!

April 26, 2016 by Paul Carlisle Kletchka

Image of a phishing scam

Subject: Important Message:-we do no request for anyones password!!
To: Recipients <no-reply@psu.secureline>
From: “Penn State University” <no-reply@psu.secureline>
Date: Tue, 26 Apr 2016 07:45:13

Dear Valued Student,

Please do not give out your password to anyone and make sure to login in through this secure line to get your ip and remote address registered to the server:-

https://webaccess.psu.edu/secure (<- real link is a bit.ly address that points to a fake WebAccess page)

P.s:- we would disable your mailbox in 24hours if no access to the link is made.
Penn State Management.