PSU is constantly being barraged by prolonged spearphishing attacks. Phishing is where the attacker tries to trick you into giving out sensitive information. Spear phishing is where the e-mails are specifically tailored to a target audience. It relies on social engineering the victim to fall for the e-mail and give up some information the attacker wants. Don't be one of those victims.

You should all know the score... DO NOT send out any unencrypted sensitive information via e-mail. Not SSNs, not passwords, not credit card information, nothing.

We have a new strain that purports to come from the "Vice chancellor", urging you to give up your personal information so that you can continue using your webmail account. You will currently note subjects that look like:

Warning!!

Mail Quota Exceeded!!!

Verify Your E-Mail Account Soon!

Verify Your E-Mail Account to Prevent Deletion

although future attacks could prey on other services/facilities.

Since we're all in the online campus directory, expect more on the way from other more "authoritative" people.

Remember, the CAT and OIT **never** ask for passwords via e-mail.

Also, be aware of the consequences of responding to the scammer. They are using compromised accounts on our systems to send out more spam to other places. Since it is coming from a legitimate site (us!), it usually gets through most spam blockers. This results in PSU's mail servers getting blacklisted all over the net which then prevents all our users from sending e-mail to various destinations until we can get ourselves de-listed. This can take days and sometimes weeks. You can see the chaos that can happen if this occurred around assignment due dates or finals week and your instructor is trying to reachyou.

If you have sent out your information to a spear phish attempt, let us know immediately and change your password.  (And no, we do not want to know what your password is!)