Stop Phishing Scams

The Latest Phishes Sent to Penn Staters

Important Notice From Admin: CODE#

by

This phish actually addressed users by their Penn State email address, but in a very confusing way. “Secure abc123@psu.edu” is not a conventional greeting. The from address looks Penn State-related, but uses psu.secure, which is not used by the University. This message also tells people to upgrade their server, which is not something the average person would ever need to do. The link provided goes to a forged Penn State WebAccess login page used for collecting user IDs and passwords for the scammers to use later. And finally, the message threatens that inaction will result in a required visit to an office – another common tactic that scammers use to try and trick people into falling for their trap.

Phish from 5/16/2016 at 4:16 p.m.

From: “Penn State University” <noreply@psu.secure>
To: “Xxxxx Xxxxxx” <xxxx@psu.edu>
Sent: Monday, May 16, 2016 4:16:45 PM
Subject: Important Notice From Admin: CODE#

Secure xxxx@psu.edu

Please Upgrade your server now to avoid fraud spam fake emails through our service:-

Upgrade_SSL (<- Link goes to a forged WebAccess login page)

P.s:-No action taken in the next 48hours,your mail will be disable, Hence you will need to come to our office for clearification.

Penn State Managment.

Dear User

by

This phish used a compromised Penn Stater’s Access Account to be sent, but such a message would never be sent from an individual’s email address if it were legitimate. The link in the message goes to a jimdo.com address and uses Penn State’s academic seal on a form for collecting user IDs and passwords.

Phish from 5/16/2016 at 10:03 a.m.

From: “XXXXX XXXXX” <xxxx@psu.edu>
To: msn@e.microsoft.com
Sent: Monday, May 16, 2016 10:03:15 AM
Subject: Dear User

Due to recent upgrades on our servers Your 5 (Five) incoming Emails are on hold. Please validate below to retrieve your email
click RESET (<- Links to a bogus form requesting your user ID and password) to retrieve your email.
We are sorry for the inconvenient.
With best regards
IT HELP DESK

Notice From Admin To Everyone..

by

This phish makes reference to student performance, perhaps in an effort to scare those who are concerned about their grades. However, the generic greeting and “To” address, along with the horrendous grammar, are big tip-offs that this is a phishing message. The link, if clicked, goes to a forged WebAccess page that allows the scammers to collect user IDs and passwords for later use.

Phish from 5/15/2016 at 10:22 a.m.

From: “Penn State University” <noreply@psu.securemin>
To: “Recipients” <noreply@psu.securemin>
Sent: Sunday, May 15, 2016 10:22:22 AM
Subject: Notice From Admin To Everyone..

Dear Valued Student,

About your last year performance,we hope you did change this time around and make sure to update this informations given to you:-

UPDATE_INFO (<- Link goes to a forged WebAccess login page)

Penn State Management.

Attention PSU Domain User

by

This phish references psu.edu, but the linked Google form features the seal from Pangasinan State University in the Phillipines. Aside from that, the “from” address has nothing to do with Penn State, and the poor grammar and vagueness of the message are clear tip-offs that this is a phish. Even the linked Google form states “Never submit passwords through Google Forms.”

Phish from 5-13-2016 at 1:22 p.m.

From: “Fadi Suboh” <xxxxx@xxxxx.xxx>
Sent: Friday, May 13, 2016 1:22:04 PM
Subject: Attention PSU Domain User

Attention PSU Domain User,

Kindly Update your psu.edu Email account on our School Domain, Latest Virus threat has been detected on our Data-base and all users on our domain are required to Click Here (<- links to a Google form with the Pangasinan State University seal) and fill the required information

Thanks
Administrator

Penn State: Review of all accounts

by

This phish provides a link to a forged Penn State WebAccess login page. The traits that give it away as a phish are the generic greeting and “To:” name, as well as the poor grammar, the vague reason for directing users to log in, and the appearance of the message coming from University “administration.” Dr. Barron and the rest of the President’s office will leave such messages to IT staff.

Phish from 5/12/2016 at 4:18 p.m.

From: administration@psu.edu
To: “Recipients” <administration@psu.edu>
Sent: Thursday, May 12, 2016 4:18:34 PM
Subject: Penn State: Review of all accounts

Notification:

To ensure that you have better security
We have a strict review process on your account
All updates completed will take effects within 24 hours

Log in (<- link goes to a forged Penn State WebAccess login page)

Administration

The Pennsylvania State University · Copyright 2016