It looks like the Fall term phishing campaigns against PSU users (particularly faculty and staff) have really picked up in recent weeks. The scammers have been seen trying waves of the following:
-
Payroll problems based message that leads you to a fake PSU credentials site that tries to capture Duo authentication
-
Google drive or One Drive “shares” that take you to phishing links that try to harvest your credentials
-
Fake invoices for tech products
-
Email from dept head/director/etc to other department personnel, asking for a callback (this used to be very popular in recent years but has dropped in volume this Fall)
Please make sure that you are treating most emails with clickable links that lead to authentication requests (login/password) with extreme caution. If there are google drive documents that claim to have been shared to you, visit Google drive directly and see if you can find them there. When in doubt, we recommend directly contacting the source using a prior communications method (or the campus directory) to confirm if the email is legitimate.
And please feel free to send us a specimen to investigate if you suspect something.