Help Desk: (814)865-HELP security@psu.edu

Phishing: Don’t Take the Bait

What is Phishing?

Phishing is an attempt to get you to do what a cybercriminal wants, like clicking on a link, downloading a file, or giving up your personal information. Usually, attackers will use a fraudulent email, text, or phone call to get you to fall for their tricks.

Phishing is more than an annoyance, it can have serious financial and personal consequences. Phishing scams may result in the loss of hundreds or even thousands of dollars to the victim, often with very little recourse.

You can AVOID phishing by following these tips:

Suspect the unexpected.

Many phishing attempts include attachments or links you’re not expecting, like a package delivery notice or an invoice for a product you didn’t order. If you didn’t expect it, suspect it–don’t take any action until you’re sure it’s legitimate.

Ignore the Call.

Many phishing attempts include a “call to action,” like clicking on a link, downloading a file, or entering your password or other personal information. Don’t fall for “calls to action,” no matter how urgent they may seem, unless you’re sure the sender is legitimate.

If you're suspicious, CONFIRM before you CLICK.

Call or email the sender directly before taking any action, downloading any file, or providing any personal info.

Remember, Penn State will NEVER ask you for your password, full social security number, or payment information via email. When in doubt, don’t click: contact the department or sender directly.

If you receive an email, text or phone call you suspect to be a phish, report it to phishing@psu.edu. You can also check our main phishing page, phishing.psu.edu, for the latest phishing alerts.