Here’s an example of a classic “tailored for UD” phishing scam that arrived in UD inboxes in late September.
Note that it tried to tie udel.edu with PNC–since the scammer knew that UD and PNC have a business arrangement. At first glance, it looks believable, even including some fake mumbo-jumbo about encryption at the end. But look carefully:
- The From, To, and Reply-To fields are all spoofed Penn State addresses–not UD addresses.
- Look at the typos: Pnc instead of PNC, Customers instead of customers’, the British
spelling of unauthorised, etc. - Look carefully at the link the scammer wanted you to click. Notice how it does not lead to either a udel.edu address or a pnc.com address. If you were to click on it, it would try to take you to a file in a folder on a server at blogdns.org.
We reported this one to the proper authorities. And we urged the UD community to delete it.
From: PNC Subject: *** Online activity confirmation code MBQCKCJPHP Date: September 23, 2011 9:27:51 AM EDT To: support@tr22g10.aset.psu.edu Reply-To: fhzqje@psu.edu Dear customer, Pnc Bank has been receiving complaints from our customers regarding unauthorised use of the Pnc Online Banking accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information. We now need you to re-confirm your account information to us. If this is not completed by September 25, 2011, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. To confirm your Online Banking records click on the following link: http://www.pnc.com.studentsof.blogdns.org/pncbank.com/index.php?EDU=UDEL.EDU-241FF Thank you for your cooperation in this matter. Pnc Bank Customer Service Please do not reply to this e-mail as this is only a notification. Email sent to this address will not be answered. 2011 Pnc Bank Corporation. All rights reserved. Encryption Layer 128-bit CBMCQSOWYMOIKJLIMTMHPQYWMUENPOBKKKEUXM