Stop Phishing Scams

The Latest Phishes Sent to Penn Staters

Important Notice From Admin: CODE#

by

This phish actually addressed users by their Penn State email address, but in a very confusing way. “Secure abc123@psu.edu” is not a conventional greeting. The from address looks Penn State-related, but uses psu.secure, which is not used by the University. This message also tells people to upgrade their server, which is not something the average person would ever need to do. The link provided goes to a forged Penn State WebAccess login page used for collecting user IDs and passwords for the scammers to use later. And finally, the message threatens that inaction will result in a required visit to an office – another common tactic that scammers use to try and trick people into falling for their trap.

Phish from 5/16/2016 at 4:16 p.m.

From: “Penn State University” <noreply@psu.secure>
To: “Xxxxx Xxxxxx” <xxxx@psu.edu>
Sent: Monday, May 16, 2016 4:16:45 PM
Subject: Important Notice From Admin: CODE#

Secure xxxx@psu.edu

Please Upgrade your server now to avoid fraud spam fake emails through our service:-

Upgrade_SSL (<- Link goes to a forged WebAccess login page)

P.s:-No action taken in the next 48hours,your mail will be disable, Hence you will need to come to our office for clearification.

Penn State Managment.

IT Admin Desk

by

This phish used a compromised Penn State Access Account to be sent, and put another Penn State address in the “To” field. It claims that Penn State is moving its email to a new system – TODAY. If and when Penn State makes a major change to its email system, there will be announcements made months in advance of the change to alert everyone of the plan and the cut-over date. The link in this message goes to a jimdo.com site with the Penn State academic seal on a form used to collect user IDs and passwords. The message also includes a threat of one’s account being made “inactive” if not updated – another sure sign of a phishing message.

Phishing message from 5/16/2016 at 10:09 a.m.

From: “XXXXX XXXXX” <xxxxxxx@psu.edu>
To: xxxx@psu.edu
Sent: Monday, May 16, 2016 10:09:00 AM
Subject: IT Admin Desk

Today Monday 16th May, 2016. we are upgrading our email system to Microsoft Outlook Webaccess 2016. This service creates more space and easy access to email. Please update your account by clicking on the link below and fill information for activation.

Click for Activation (<- Links to a bogus form on a jimdo.com site)

Inability to complete the information will render your account inactive.
Thank you.
IT Admin Desk

Pennsylvania State University : Webmail Security Alert.

by

This message appears quite official, even using the new Penn State mark. However, it comes from a Hotmail address and if you hover your mouse over the link in the message, you’ll see that it points to a Russian website. If you followed that link and entered your password, please make sure to change your Penn State Access Account password right away.

Phish from 5/9/2016 at 10:14 a.m.

From: “Penn State Webmail” <gareth_morgan11@hotmail.com>
Sent: Monday, May 9, 2016 10:14:03 AM
Subject: Pennsylvania State University : Webmail Security Alert.

Dear PSU User,

Your Penn State Webmail Account has expired.
Please activate your Webmail account immediately or your account will be closed or wouldn’t be able to send or receive mail.

Click here to reactivate https://webmail.psu.edu/ (<- actual link is a fake WebAccess page hosted on a Russian domain)

Regards
Customers Service.
Pennsylvania State University.

Important Message:-we do no request for anyones password!!

by

Image of a phishing scam

Subject: Important Message:-we do no request for anyones password!!
To: Recipients <no-reply@psu.secureline>
From: “Penn State University” <no-reply@psu.secureline>
Date: Tue, 26 Apr 2016 07:45:13

Dear Valued Student,

Please do not give out your password to anyone and make sure to login in through this secure line to get your ip and remote address registered to the server:-

https://webaccess.psu.edu/secure (<- real link is a bit.ly address that points to a fake WebAccess page)

P.s:- we would disable your mailbox in 24hours if no access to the link is made.
Penn State Management.