Identifying job offer scams, gift card scams, and phishing emails in general is crucial to keeping PSU safe. Here are a few suspicious things to watch out for and report.
Note: If you believe you have fallen for a phishing email, please change your password right away, and do not accept random two-factor requests (Duo pushes, phone calls, etc.).
- When the email message contains the following:
  - Poorly worded messages with grammatical errors are a dead giveaway.
  - Generally addressed emails such as “Dear employee”
  - Unwarranted product charge or fake refund. Might bait you into calling a number and being scammed over the phone
  - A sense of urgency, requiring contact or validating your password with a deadline
  - An unexpected request, shared document, or attachment (such as a fake invoice). These usually come with an empty email that tempts you to open the attachment, or log in at a fake sign-in page, before realizing the email was a scam/phish
  - Requests to purchase gift cards, or make an Amazon/PayPal payment with a promise of reimbursement
  - Requests for personal information to apply for a job or retirement assistance, with a follow-up request to deposit a check as a “first paycheck”
  - If it sounds too good to be true, it probably is. Do your research before accepting money, free items, or a job
- When to be suspicious of the sender’s email address:
  - Note the sender's email address and their name. Some phishing emails use impersonation to trick people who skim over the email address, assuming the email is from the person shown in the display name
  - Anyone can make a Gmail address and name themselves “IT HelpDesk” or someone you know. If the email address is something strange like dept.chair221@gmail.com, this is a dead giveaway
  - For legitimate PSU senders, their account may be compromised and used to send out spam. Let OIS know if you receive a suspicious phishing or job offer scam email from a PSU sender, and we will remediate the compromised account
  - The sender email address can also be spoofed. If you see what looks like a legitimate email address sending you an unusual email, you can forward the email (as an attachment) to phishing@psu.edu and we will analyze the email for you
  - Verify legitimate emails with a Google search, or contact the sender through other means directly
- If a document is shared with you via Google Drive or SharePoint, always look at who shared it in the Subject and Sender. Common phishing emails come from someone unknown sharing a document via SharePoint/OneDrive, and naming the document “<Your coworker> shared a file with you”.
  - The person who really shared the document should be at the top of the message, and their email address can be seen. They may be trying to impersonate someone you know to trick you into believing that document came from them.
  - The link will lead you to a Google Forms or Microsoft Forms page asking for username and password. This is an attempt to phish for your credentials.
- Past phishing emails shared through Google Drive or SharePoint include the following named documents:
  - shared “FACULTY-STAFF” with you.
  - shared “DEPT EVALUATION” with you.
  - shared “DEPT ASSESSMENT” with you.
  - shared “END OF THE YEAR SPORTS REVIEW” with you.
  - shared “FACULTY EVALUATION FORM” with you.
  - shared “Docx copy” with you.
  - shared “IT HELP DESK” with you.
  - shared “Office Evaluation doc.” with you.
  - shared “Department Evaluation doc” with you.
  - shared “FACULTY EVALUATION FORM” with you.
  - shared “EVALUATION FORM” with you.
  - shared “HR DEPT INFORMATION REQUEST” with you.
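
The sender-address check and the shared-document check described above can be applied automatically when triaging reported mail. The following Python is an added example, not PSU's or OIS's own tooling; the free webmail domain list, the role keywords, the flag names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: free webmail domains an official department sender would not use.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Assumption: role words suggesting the sender claims an official function.
ROLE_WORDS = re.compile(r"help\s*desk|chair|dept|department", re.I)
# Document names from this page's list of past share lures, lower-cased.
KNOWN_LURES = {
    "faculty-staff", "dept evaluation", "dept assessment",
    "end of the year sports review", "faculty evaluation form", "docx copy",
    "it help desk", "office evaluation doc.", "department evaluation doc",
    "evaluation form", "hr dept information request",
}
# Share-notification subject; accepts straight or curly quotes.
SHARE_SUBJECT = re.compile(r'shared\s+["“](.+?)["”]\s+with you', re.I)

def triage(raw_message: str) -> list[str]:
    """Return the names of the indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.lower().partition("@")
    flags = []
    # Official-sounding display name or mailbox on a free webmail domain.
    if domain in FREEMAIL and ROLE_WORDS.search(f"{display} {local}"):
        flags.append("role-name-on-freemail")
    # Subject reuses a document name seen in earlier phishing shares.
    match = SHARE_SUBJECT.search(str(msg.get("Subject", "")))
    if match and match.group(1).strip().lower() in KNOWN_LURES:
        flags.append("known-share-lure")
    return flags

# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    'From: "IT HelpDesk" <dept.chair221@gmail.com>\n'
    'Subject: Alex Example shared "DEPT EVALUATION" with you\n'
    "\nOpen the shared file.\n"
)
SAMPLE_OK = (
    "From: Jordan Example <jordan@example.edu>\n"
    'Subject: Jordan Example shared "Budget draft" with you\n'
    "\nSee the attached draft.\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH), triage(SAMPLE_OK))
```

A match is only a prompt for closer review: a compromised PSU account or a spoofed address will not trip the free webmail check, so the other indicators on this page still apply.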