Headlines 
Current Alert
Resolved Alert
Future AlertLast updated on July 2, 2008 at 12:37PM
Bogus e-mail messages claiming to be from Penn State IT offices continue to be received by Penn State users on a frequent basis, particularly on weekends and holidays, and are likely to continue for the foreseeable future.
Users should be aware that Penn State's ITS staff will never ask for your password, either by e-mail or in person. Official correspondence from a Penn State office will include contact information such as a phone number, these fake messages do not. For more information visit the ITS Take Control website's Phishing Tips:
http://its.psu.edu/takecontrol/phishing.php
Penn State is not alone. Other universities have been experiencing the same "spear phishing" attacks since late 2007. The intent of this social engineering trick appears primarily to be to use universities' web mail systems to send spam with the newly acquired userID/password combination. Some universities have reported unauthorized access to library databases with their users' credentials.
Please simply delete these messages. Do NOT reply to the spammer, as this confirms to them that your e-mail address is valid. There is no need to report these phishing e-mails, as ITS staff have been receiving them as well.
For more information, please contact ITS Help Desk (helpdesk@psu.edu).
ITS Daily Maintenance Window: 5:00 - 7:00 a.m. EST/EDT
