education & training

Information Security

Phishing

Phishing is an attempt to steal your personal information, usually via a fraudulent email message or phone call.

View All Phishing Security Alerts

“URGENT” NOTICE / ALERT Phish

Recently, Penn State, along with numerous other Universities world-wide have been attacked by a phishing campaign pretending accounts will be disabled without quick action. Some characteristics of the messages: Subjects of messages vary, but usually include URGENT...

Gift Card Scam

Do not send gift card codes via text or email; you will not be able to recover your money. They may also begin by saying: "Hi, I have an assignment I need you to do for me immediately. Let me know if you are available. So kindly respond back via email". You will...

Exciting News! and Rescheduled Timetable

Penn State was recently the subject of a job scam and phishing campaign. Two different messages were sent with different subjects, but both were malicious. Exciting News! is a job scam impersonating Penn State faculty. Do not correspond with the supposed sponsor;...

lightbulb

DON’T TAKE THE BAIT!

The people behind phishing scams pose as representatives of trusted, well-known organizations and ask for information that will allow them to impersonate their victims. When it comes to phishing, protect yourself: DON’T TAKE THE BAIT!

To report a phishing email or find out if an email is legitimate, please forward the message to phishing@psu.edu.

shield

HOW CAN I PROTECT MYSELF?

Phishing can cause serious financial damage, especially if you surrender your personal information to an attacker.

Remember: Penn State will NEVER ask you for your password, Social Security number, or other sensitive information via email.

BE WARY

Plenty of phishing attempts may have spelling, grammatical, or other glaring errors that can tip you off it’s a phish, but just as many don’t. Some of the most sophisticated phishing attempts will appear to come from people you trust.

Be wary of emails that ask you to open a file, click on a link, or enter information into a form. Be especially careful of emails that ask you to enter your Penn State Account information. Remember: you wouldn’t give a stranger the keys to your apartment. When you give up your Penn State Account information, you’re doing the same thing to your digital space.

If you are a student seeking employment, be aware there are a multitude of job scams out there.  Learn more about job scams by viewing tips from Career Services and Student Affairs.

CONFIRM BEFORE YOU CLICK

Use caution and trust your instincts. If an email seems suspicious, call the sender or email them directly. If you click on a phishing email “just to check” if it’s really from a friend, coworker, or classmate, it may already be too late. Even clicking on that link can infect your system with malware or other malicious code.

When in doubt, report it. You can always email phishing@psu.edu if you have concerns about a possible phishing email.

DETAILS MATTER

Sometimes, but not always, a cyber attacker will try to use information that they know about your organization to create a more authentic message. Read it carefully and think about the style and tone. Does it match how the sender’s usual writing style? Does it use terms that your organization does not? For example, Penn State doesn’t refer to your Penn State user ID as your “PSU user name.”