UNIVERSITY PARK, Pa. — Penn State IT Information Security is cautioning all students, faculty and staff to remain vigilant about securing their email in light of a recent surge of spam and phishing email messages. Kyle Crain, acting chief information security officer, said email users should carefully read messages, particularly ones that urge immediate response, and evaluate all Multifactor Authentication (MFA) requests before taking action.
"Bad actors have accessed Penn State accounts and are spamming our community with emails that may appear to come from a sender within Penn State. These messages often have the word 'urgent' or 'alert' in the subject line and should be deleted," he said.
Crain also advised email users to confirm MFA notifications granting access to their accounts only when they actively attempt to access email, Canvas, LionPATH or another Penn State resource.
"MFA is a second form of authentication that helps to confirm your identity," Crain said. "Do not provide the MFA code if you are not trying to log in to your account, even if you receive a notification. We also will never request anyone's MFA code by phone, email or text."
If recipients have any questions about the legitimacy of an email, they may forward it to phishing@psu.edu, and the IS team will investigate it further. To see examples of the latest phishing scams, please visit Penn State's Phishing web page.