education & training

Office of Information Security


Phishing is an attempt to steal your personal information, usually via a fraudulent email message or phone call.

Phishing Security Alerts

Honor Society Scam Emails

We are seeing a huge number of emails inviting students to join an honor society.  These messages come from a variety of email address including but not limited to:

eServices Notification – New VNote

Link will take you to a web age asking for your PSU credentials.  Do not click in the link. Because these spammers are spoofing valid PSU email addresses you may receive "Undeliverable"  notifications when an invalid recipient address is used.  These are not likely...



The people behind phishing scams pose as representatives of trusted, well-known organizations and ask for information that will allow them to impersonate their victims. When it comes to phishing, protect yourself: DON’T TAKE THE BAIT!

To report a phishing email, please forward the message to



Phishing can cause serious financial damage, especially if you surrender your personal information to an attacker.

Remember: Penn State will NEVER ask you for your password, Social Security number, or other sensitive information via email.


Plenty of phishing attempts may have spelling, grammatical, or other glaring errors that can tip you off it’s a phish, but just as many don’t. Some of the most sophisticated phishing attempts will appear to come from people you trust.

Be wary of emails that ask you to open a file, click on a link, or enter information into a form. Be especially careful of emails that ask you to enter your Access Account information. Remember: you wouldn’t give a stranger the keys to your apartment. When you give up your Access Account information, you’re doing the same thing to your digital space.


Use caution and trust your instincts. If an email seems suspicious, call the sender or email them directly. If you click on a phishing email “just to check” if it’s really from a friend, coworker, or classmate, it may already be too late. Even clicking on that link can infect your system with malware or other malicious code.

When in doubt, report it. You can always email if you have concerns about a possible phishing email.


Sometimes, but not always, a cyber attacker will try to use information that they know about your organization to create a more authentic message. Read it carefully and think about the style and tone. Does it match how the sender’s usual writing style? Does it use terms that your organization does not? For example, Penn State doesn’t refer to your WebAccess ID as your “PSU user name.”

Skip to toolbar