Help Desk: (814)865-HELP security@psu.edu

Phishing

Don’t take the bait!

Phishing is an attempt to steal your personal information, usually via a fraudulent email message or phone call. The people who do this pose as representatives of trusted, well-known organizations and ask for information that will allow them to impersonate their victims.

When it comes to phishing, protect yourself: DON’T TAKE THE BAIT!

View the latest on Phishing Extortion Scams.

Latest Phishing Attempts

FINE DUE: Motor Vehicle Violation

The below e-mail was sent as part of a phishing test.  Please do NOT contact the Department of Transportion or your local police about the below e-mail.  Again, this was only a test.     The above e-mail was sent as part of a phishing test.  Please do NOT contact the...

“PSU: Your Approval Required!”

From: Steiger, Dillon R Sent: Saturday, November 10, 2018 2:47:48 AM To: Steiger, Dillon R Subject: PSU: Your Approval Required!...

“Blackboard Notifcation”

---------------- Forwarded Message ---------------- From: "Pennsylvania State University" Date: Fri, Nov 2, 2018 03:59 AM Subject: Blackboard Notifcation To: "sqc3@psu.edu" You have received a new message to you via Blackboard System....

How can I protect myself?

Phishing can cause serious financial damage–especially if you surrender your personal information to an attacker.

Remember: Penn State will NEVER ask you for your password, social security number, or other sensitive information via email.

U

Be Wary

Plenty of phishing attempts may have spelling, grammar, or other glaring errors that can tip you off it’s a phish–but just as many don’t. Some of the most sophisticated phishing attempts will appear to come from people you trust.

Be wary of emails that ask you to open a file, click on a link, or enter information into a form. Be especially careful of emails that ask you to enter your Access Account information. Remember: you wouldn’t give a stranger the keys to your apartment. When you give up your Access Account information, you’re doing the same thing to your digital space.

Z

Confirm Before You Click

Use caution and trust your instincts. If an email seems suspicious, call the sender or email them directly. If you click on a phishing email “just to check” if it’s really from a friend, coworker or classmate, it may already be too late. Even clicking on that link can infect your system will malware or other malicious code.

When in doubt, report it. You can always email phishing@psu.edu if you have concerns about a possible phishing email.

Details Matter

Sometimes, but not always, a phishing attempt will try to use information that they know about your organization to create a more authentic-sounding message. Read the message carefully and think about the style and tone: does it match how the sender would usually write? Does it use terms that your organization does not? For example, Penn State doesn’t refer to your Webaccess ID as your “PSU user name.”

Something’s Phishy…

Attackers may try to steal your information by creating a login page that looks similar to one you may normally use. In this example, the attacker tried to create a WebAccess login page.

What’s wrong with this picture?

  • The Penn State logo used on this page was from Penn State athletics, not the official “shield” logo
  • The “WebAccess” background was a photo of the Creamery, not the current correct photo of the University
  • The login page did not show the typical Privacy and Legal Statements
  • The copyright statement was absent
  • The Nondiscrimination Policy link was missing
  • The password prompts (“I forgot my password”/”Change my Penn State Account password”) were missing

 

Are you a Penn State employee who'd like to request training for your unit?