Penn State Warns of Spear Phishing Attacks

Penn State is warning its community about a recent spike in phishing attacks targeting the university’s employees. Attackers are sending emails posing as real Penn State employees and asking recipients if they can borrow money. The victims are instructed to buy gift cards worth hundreds of dollars from popular stores and then send photos of the cards’ codes to the attackers.

The emails purport to come from someone the victim knows personally, so the victim is more likely to trust the sender’s claims that the money will be reimbursed. Rich Sparrow, Penn State’s acting chief information security officer, said the attackers are putting a great deal of effort into making the emails seem legitimate.

“These attacks are highly targeted and personalized to one person or a group of Penn State employees who share a connection,” Sparrow said. “Hackers can spend months monitoring groups in order to collect data to create a convincing message.”

While the recent wave of attacks against Penn State is focused on gift card fraud, universities are also major targets for espionage-related attacks. Students, faculty, and staff are all targets, and they need to be taught how to recognize and thwart social engineering tactics.

“The best way to defend yourself is to be aware,” Sparrow continued. “Verifying that it is indeed a coworker with a phone call if you are suspicious is always your best bet for determining whether a sender is legitimate or not.”

Spear phishing attacks are particularly difficult to detect, and Penn State says people should be on the lookout for suspicious requests, even if they seem to come from someone they trust.

“Be wary of emails that ask you to open a file, click on a link, or enter information into a form,” the alert states. “Be especially careful of emails that ask you to enter your Access Account information. Remember: you wouldn’t give a stranger the keys to your apartment — when you give up your Access Account information, you’re doing the same thing with your digital space.”

New-school security awareness training is an essential component of every organization’s security strategy, and it can help your employees spot the fundamental signs of social engineering.

Penn State has the story:
