Fake PNC email message

Here’s an example of a classic “tailored for UD” phishing scam that arrived in UD inboxes in late September.

Note that it tried to tie udel.edu with PNC–since the scammer knew that UD and PNC have a business arrangement. At first glance, it looks believable, even including some fake mumbo-jumbo about encryption at the end. But look carefully:

  • The From, To, and Reply-To fields are all spoofed Penn State addresses–not UD addresses.
  • Look at the typos: Pnc instead of PNC, Customers instead of customers’, the British
    spelling of unauthorised, etc.
  • Look carefully at the link the scammer wanted you to click. Notice how it does not lead to either a udel.edu address or a pnc.com address. If you were to click on it, it would try to take you to a file in a folder on a server at blogdns.org.

We reported this one to the proper authorities. And we urged the UD community to delete it.


From: PNC 
Subject: *** Online activity confirmation code MBQCKCJPHP
Date: 	September 23, 2011 9:27:51 AM EDT
To: 	support@tr22g10.aset.psu.edu
Reply-To: 	fhzqje@psu.edu

Dear customer,

Pnc Bank has been receiving complaints from our customers regarding unauthorised 
use of the Pnc Online Banking accounts. As a result we are making an extra 
security check on all of our Customers account in order to protect their information.

We now need you to re-confirm your account information to us.

If this is not completed by September 25, 2011, we will be forced to suspend 
your account indefinitely, as it may have been used for fraudulent purposes.

 To confirm your Online Banking records click on the following link:

http://www.pnc.com.studentsof.blogdns.org/pncbank.com/index.php?EDU=UDEL.EDU-241FF

Thank you for your cooperation in this matter.
Pnc Bank Customer Service

Please do not reply to this e-mail as this is only a notification. Email sent to 
this address will not be answered.

2011 Pnc Bank Corporation. All rights reserved.
Encryption Layer 128-bit
CBMCQSOWYMOIKJLIMTMHPQYWMUENPOBKKKEUXM