Recently, Penn State, along with numerous other universities worldwide, has been targeted by a phishing campaign claiming that accounts will be disabled without quick action.
Some characteristics of the messages:

  • Subjects of messages vary, but usually include URGENT or IMPORTANT NOTICE or ALERT.
  • Message bodies are short and state that the attachment needs your immediate attention.
  • The message attachment has an .eml extension and often uses URGENT or IMPORTANT in its name.
  • The attachment will take you to a page saying that there is a recent request from you to terminate your account. It leads to a form asking for your Penn State address and password and your phone number (so an attacker can send a follow-up to your device to try to trick you into accepting a Duo or Microsoft MFA authentication).
  • The message may appear to have been sent from a valid Penn State account.
  • The attacker may attempt to contact you by text message if you have unknowingly given them your credentials. Recent text messages include “PSU EDU NOTICE!” and ask you to respond with a verification code.
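
Mail administrators and responders triaging reported messages can check for the traits listed above mechanically. The following Python sketch is an added example, not part of the original advisory; the 300-character body cutoff, the case-insensitive matching, the rule for combining traits, and all sample addresses and message text are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Keywords taken from the advisory; case-insensitive matching is an assumption.
SUBJECT_RE = re.compile(r"URGENT|IMPORTANT NOTICE|ALERT", re.I)
ATTACH_NAME_RE = re.compile(r"URGENT|IMPORTANT", re.I)
SHORT_BODY_CHARS = 300  # assumed cutoff for a "short" message body

def campaign_indicators(raw):
    """Return the advisory's message traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.add("subject-keyword")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and len(body.get_content().strip()) <= SHORT_BODY_CHARS:
        hits.add("short-body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".eml") or part.get_content_type() == "message/rfc822":
            hits.add("eml-attachment")
            if ATTACH_NAME_RE.search(name):
                hits.add("eml-name-keyword")
    return hits

def matches_campaign(raw):
    # Assumed rule: an .eml attachment plus at least one keyword trait.
    # A short body alone is too common in legitimate mail to count.
    hits = campaign_indicators(raw)
    return "eml-attachment" in hits and bool(hits & {"subject-keyword", "eml-name-keyword"})

def build_sample(subject, body, attach_name=None):
    """Construct a test message; all addresses and text are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.edu", "user@example.edu", subject
    msg.set_content(body)
    if attach_name:
        inner = EmailMessage()
        inner["Subject"] = "Account termination request"
        inner.set_content("Constructed inner message.")
        msg.add_attachment(inner, filename=attach_name)  # becomes message/rfc822
    return msg.as_string()

# Constructed samples: campaign-like, ordinary mail, and a legitimate forward.
SUSPICIOUS = build_sample("URGENT: action required", "See the attached message.", "IMPORTANT NOTICE.eml")
BENIGN = build_sample("Seminar schedule", "Room changed to 101.")
FORWARD = build_sample("Fwd: seminar notes", "Forwarding the thread.", "notes.eml")
```

A match is a reason to hold the message for review, not proof that it is malicious; a forwarded .eml with no keyword traits, as in the `FORWARD` sample, is deliberately not flagged.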

Initial Email Sample:

Phishing Page Sample:

Request for MFA/Duo via Text Message Sample:

If you receive a message that may be a phish, don’t respond right away. Instead, forward it to phishing@psu.edu and Information Security staff will let you know whether it is malicious. Do not enter your credentials and phone number on any form, and never supply any MFA or Duo information to anyone regardless of why they ask for it. Penn State will never text you or call you asking for that information. If you think you may have already supplied your password to this or another scam, change your password immediately at https://accounts.psu.edu/password. If you ever receive a Duo or MFA prompt that you did not initiate, mark it as fraud.