Stop Phishing Scams | no personalization

Active User: Mail Account Up-date

July 10, 2017 by gle13

From: “PSU System” <rajesh@ortechindia.com>
Sent: Sunday, July 9, 2017 9:03:12 PM
Subject: Active User: Mail Account Up-date

PENN STATE USER

Your inbox account has reached an Upgrade stage and All your incoming message will be pending, If you still an active user, Verify Your User ID to continue usage. click the button to verify your account: CONTACT US [<–Link leads to a fake WebAccess page in the ustadzmubarak.com domain]

Thanks and Regards

PSU WEB ACCESS Inc

You have a New File –OR– Greetings! New Memo from HR Department -OR-xxx

July 5, 2017 by Paul Carlisle Kletchka

Phishing message from 1:06 p.m. on July 5, 2017

From: “Navjot Barney” <Navjot.Barney@xxx.xx>
Sent: Wednesday, July 5, 2017 1:06:14 PM
Subject: You have a New File

Greetings,

You have a message from the Human Resources Department.

Click here [<– link leads to a fake Outlook Web App login page in the telephonedepositiondirectory.com or charviassociates.net or alexender.tk domain] to view your message

The slightly different message with the subject “Greetings! New Memo from HR Department” links to the same fake Outlook Web App login, but has a greeting that is personalized with the recipient’s email address.

new message from Pennsylvania State University

July 5, 2017 by Paul Carlisle Kletchka

Penn Staters continue to receive variations of a phishing campaign that first showed up in early March of 2017. That message, reported in this linked post, looks the same as messages received today. The only difference in the messages is that the new ones direct users to a fake WebAccess page in the gdsecuritysolutions.com domain.

Payroll schedule message.

June 20, 2017 by Paul Carlisle Kletchka

From: “Pennsylvania State University Support.” <W809018@usm.edu>
To: “;'” <W809018@usm.edu>
Sent: Tuesday, June 20, 2017 11:22:18 AM
Subject: Payroll schedule message.

1 New Notification Regarding Your 2017 Payroll

http://www.psu.edu/h/payr0ll/2017/f0rmspdf. [<– Link text is not the actual address. It goes to a fake WebAccess login in the beecompliant.net domain]

The Pennsylvania State University.

Verify your account.

June 20, 2017 by Paul Carlisle Kletchka

From: “PennState Webmail” <xxxxxxx@psu.edu>
Date: Tue, Jun 20, 2017 08:16 AM
Subject: Verify your account.
To:

You have 1 important mail alert!

We strongly advise you should update your account and resolve the problem.

Click here [<– Link leads to a fake WebAccess page in the specialitapizzimenti.com domain] to proceed

Failure to do this will lead to your account been suspended or de-activated.

Thanks for your co-operation.

Regards,
PennState WebMail! Account Services