Friday, July 10, 2009

Phishing Attempts Aimed at Penn State Faculty and Staff

Faculty and staff are reminded that the college and university will *NEVER* request account/password information via E-mail.

You should never reply to a message asking for account information, nor should you ever click a link from a message that asks for account information. Penn State and the College of Ag Sciences will never ask for your account/password in this method.

If you receive messages of this type, simply delete the message.
Normally, Ag IT will not send alerts warning employees of individual phishing scams. These scams are too numerous to regularly keep on top of, so please remember legitimate entities do not request information in this manner.

However, in the past week we have seen new examples of phishing aimed at our employees. We are taking this opportunity to refresh in everyone's mind that these messages should be deleted if they make it past the college and university's spam filters.

Sample 1 below is a general attempt to have you click on the link. In this case, the link doesn't appear to show you a form. Instead the page attempts to download and install malware on your computer. If you receive messages of this type, simply delete the message.

Sample 1

Subject: Your Webmail Quota Has Exceeded The Set Quota/Limit

Your Webmail Quota Has Exceeded The Set Quota/Limit Which Is 20GB.
You Are Currently Running On 23GB Due To Hidden Files And Folder On Your Mailbox.

Please Click the Link Below To Validate Your Mailbox And Increase Your Quota.

w w
[number changed and link removed]
Failure To Click This Link And Validate Your Quota May Result In Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.

Sample 2 below is an example of a "spear-phishing" message. These messages are attacks aimed directly at a company, government agency, organization, or group. Spear phishers send E-mail that appear genuine to all the employees or members of these groups

You can read the sample E-mail below. It is a well crafted note! We've removed the actual link below. But if you were to receive an E-mail like this, you can hover (hold the mouse over the link without clicking) to see the destination address.

In the actual E-mail the address started with "" but then added "" as the actual destination. This will usually confirm what you knew anyway. So, simply delete the message.

Sample 2

From: PSU Help Desk []
Subject: Mandatory Security Update: July 2009

The Pennsylvania State UniversityInformation Technology ServicesThe ITS Help Desk


Due to the recent increase in spam emails, we have upgraded to an advanced server for your premium security to prevent spam from getting to your inbox. As a result of this, it is important that you login to your email using the link below, to make sure that your account information is up-to-date.

Click Here to Protect Your Account [link removed]

This email has been sent to all PSU Webmail users and it is mandatory to follow.

Thank you for your cooperation.

IT DepartmentCopyright © 2009 The Pennsylvania State University

Sample 2 Image

If you had clicked the link, you would be taken to a page that mimicked the real Penn State WebAccess login window. But again, the actual address is fake.

The ITS Alerts site has a listing of E-mail (spam, phishing) alerts which gives you an idea of how prevalent these activities are.

No comments: