Peter Gondre

“I was so scared,” a Penn State student who wants to remain anonymous confides. The student was the victim of a fake text alert claiming to be by University staff. “They were very good, I thought it was Penn State.”  The scammer then took her email to send fake job offers to other students that looked even more legitimate.

According to the US Information Security website, phishing is “A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”

Phishing or imposter scams have been around a long time, but phishing scammers have hit the strategy of targeting college students through common student interests. Typically the red flags are relatively obvious. They might ask for money up front, or send emails riddled with spelling errors. But the rise of legitimate online only and work-from-home jobs has made the distinction more muddled. 

Online only job scams fall under the category of e-commerce scams. The Abington Sun has an article covering them and other types of scams. According to the article, “An E-commerce fraudster may for example tell you you can make a ridiculous amount of profit by joining into a suspiciously easy business after paying a small fee. Or they’ll ask you to enter a contract with them wherein they gain access to your personal information.”

Penn State students and staff are used to getting emails regarding things like campus news or policy changes, but sometimes scammers pose as Penn State administration or partnered services. The Penn State Information Security website, security.psu.edu, is a great resource to aid in identifying, reporting, and responding to phishing scams. 

The website goes over how some scammers use fake administrative accounts, telling you that your password is expired, when in reality Penn State accounts now let you keep the same passwords as long as you want. Some scammers may even use legitimate compromised accounts. In any case, verify the identity of anyone you do business with or asks for information online.

If you have been the target of a scammer or have any kind of suspicion toward an email, do not respond, or open any links, or open any attachments. Forward the email to phishing@psu.edu.