Online Security: Protect Yourself from Phishing Scams

Phishing is the most common type of cyber crime. Billions (yes, billions) of phishing emails are sent every day worldwide. Almost everyone has received a phishing email at some point, including many of us in the Penn State World Campus community. There are many different types of phishing emails, and some of the tactics can be very clever, so we want to be sure you know what to look for and how to protect yourself from these scams.

Rick Wert, information technology security and privacy officer at Penn State, answered our important questions about how to spot and avoid phishing scams.

What is “phishing,” and what are people sending these emails hoping to accomplish?

A phishing attack is a type of cyber attack that uses deceptive tactics to trick someone into revealing sensitive data, such as a password, credit card numbers, or personal data about themselves. The bad actor will then use the person’s data to act on behalf of that person to commit fraud or attempt to steal additional information.

What are some of the most common types of phishing scams?

Employment opportunities, “urgent” reminders to change your password, and gift card scams. The first two are the most common ones we see in emails targeting students.

What are some obvious clues that an email may be a scam?

Offers will seem too good to be real or will say you have to act “NOW” or it is an “Urgent” request. Some may include attachments; others will include links. Tip: Hover the cursor over the link (without clicking on it) or right-click the link and select “properties” to see where the link is trying to take you. Also, watch for misspelled words or switched letters within the link. Example: nittanyloins.psu.edu or penstate.psu.edu. This can be very easy to miss.

What should a student do if they receive an email that seems suspicious?

If a student receives a suspicious email, they can report it by forwarding the email to [email protected]. If the email turns out to be valid, OIS will notify you that it is safe. If it is phishing or an otherwise bad email, OIS will notify the O365 team to help block and remove it so others do not receive or fall for it.

Are there any tools or programs students can use that might flag suspicious emails or alert them to possible scams?

Students can visit the Phishing page on the Penn State Information Security website for more resources and information.

Anything else students should know about avoiding phishing scams?

If the email uses URGENT or YOU MUST ACT NOW language or asks for your bank or credit card information, it has a high chance of being a phishing email. If you receive an email from someone you do not know, use caution — especially if it contains any links or attachments.
