University Park, Pa. -- Fraudulent e-mails that appear to have come from the Penn State helpdesk have been sent to Penn State faculty, staff and students. These e-mails, which ask recipients to provide their userids and passwords, appear to be part of a phishing scam. These e-mail messages were not sent by the Penn State Information Technology Services (ITS) Help Desk or by helpdesk@psu.edu. Please do NOT reply to these messages as they are fake. ITS strongly recommends that the messages be deleted. Anyone who replied to any of these fraudulent messages should contact Security Operations & Services at (814) 863-9533.
ITS urges students, faculty, and staff not to give their passwords to anyone, under any circumstances. Passwords are an essential part of each person's Penn State "digital identity" and always must be kept as secure as possible. In addition, the University (and other official organizations) will never require anyone to provide sensitive information such as passwords, credit card numbers, or Social Security information via e-mail.
Most phishing schemes come in the form of unsolicited e-mail, with phrases like, "we need to confirm your account, please click here." However, the link leads users to a false Web site, and then prompts them to provide personal information such as their password, address, Social Security number, credit card data and more. The "phishers" then use the information to commit identity theft, a type of criminal activity that can include creating false bank accounts, maxing out credit cards and taking out loans in the victim's name.
Even if a company address may look legitimate, it's important to never send private information in response to an e-mail of this kind.
For more information about how to protect your personal data from phishing scams, visit the Penn State ITS Take Control Web site at http://its.psu.edu/takecontrol/phishing.php online.