Latest Phishing Attempts
The Office of Information Security has received several reports of emails from Zoom alerting Penn State users to meeting attendees waiting in their personal meeting room. These emails are being sent by Zoom, and given the current Covid-19 crisis, please be aware that...
When Office 365 quarantines a message or file sent to a Penn State user it should generate an email that looks like the image below. This message is usually legitimate. If you do not recognize the sender mentioned in the message it is very likely that the contents...
Penn State’s Office of Information Security was informed of various malicious sites that are attempting to use the current Coronavirus pandemic as bait for their phishing campaigns. As always, their ultimate goal is to either steal your credentials or install...
How can I protect myself?
Phishing can cause serious financial damage–especially if you surrender your personal information to an attacker.
Remember: Penn State will NEVER ask you for your password, social security number, or other sensitive information via email.
Plenty of phishing attempts may have spelling, grammar, or other glaring errors that can tip you off it’s a phish–but just as many don’t. Some of the most sophisticated phishing attempts will appear to come from people you trust.
Be wary of emails that ask you to open a file, click on a link, or enter information into a form. Be especially careful of emails that ask you to enter your Access Account information. Remember: you wouldn’t give a stranger the keys to your apartment. When you give up your Access Account information, you’re doing the same thing to your digital space.
Confirm Before You Click
Use caution and trust your instincts. If an email seems suspicious, call the sender or email them directly. If you click on a phishing email “just to check” if it’s really from a friend, coworker or classmate, it may already be too late. Even clicking on that link can infect your system will malware or other malicious code.
When in doubt, report it. You can always email firstname.lastname@example.org if you have concerns about a possible phishing email.
Sometimes, but not always, a phishing attempt will try to use information that they know about your organization to create a more authentic-sounding message. Read the message carefully and think about the style and tone: does it match how the sender would usually write? Does it use terms that your organization does not? For example, Penn State doesn’t refer to your Webaccess ID as your “PSU user name.”