If your Penn State Access Account has been compromised, or if you notice any strange activity taking place with your account, you should immediately browse to https://www.work.psu.edu/password and change your password.
The following information can be used as a guide if your account was compromised or if you wish to learn about how to avoid a compromise.
Additional corrective actions to consider after a compromise
Any other account passwords that were the same as or similar to a compromised Penn State Access Account password should immediately be changed to passwords completely different from the new Penn State password. For example, banking accounts, other email accounts, social networking accounts, and others may be vulnerable.
Again, if you notice any strange activity taking place with your account, you should immediately browse to https://www.work.psu.edu/password and change your password. Also verify that your forwarding email is correct. Go to https://www.work.psu.edu/cgi-bin/util/forward.cgi to verify your email forwarding address, and update it if it is not your current psu.edu address or the external (non-Penn State) email address you normally use.
Never re-use an old password, especially one that may have been compromised.
How can an account become compromised in the first place?
- Replying to a phishing scam. If you are not sure what a phishing scam is, more information is provided on our phishing resource page. The University will never ask for any sensitive information to be returned in an email message, such as passwords, social security numbers, credit card numbers, and other highly confidential information.
- Replying to an email that appeared to be from the University’s WebMail or IT administrators, asking you to confirm account details, including your password, by entering them at a web site linked from the message. Again, whenever you are asked for confidential information in an email, immediately become suspicious, then either delete the message or contact your local IT support for guidance.
- Sharing your account with anyone, even a friend or family member. It is essential that you refrain from this activity because it can get you in trouble. When you received your Penn State Access Account, you agreed to abide by Policy AD20, which prohibits account sharing. For a refresher on Policy AD20, see http://guru.psu.edu/policies/Ad20.html.
- Using the same password on more than one account can lead to disaster. It is a best practice to avoid using the same password for multiple accounts, especially for one such as your Penn State Access Account, which allows access to confidential systems and data.
- Using your PSU account on anyone else’s devices, including public devices or resources such as in a café or airport, could potentially lead to a compromise. Because you have no way to verify if an unfamiliar device or Internet access is secure, you should refrain from accessing confidential accounts in those situations, if possible.
- Using weak passwords that can be easily guessed may also lead to a compromise. You should always use a strong password that cannot be guessed.
- Writing your password down on paper is also a high-risk activity. Never write your password down because others could easily find or see it.