January 2024 – HealthEquity Phishing Email

An email sent to Penn State employees starting Monday, 01/08/2024, with subject line “Important information About Your Health Equity Account” is a phishing email.
 
Do not click the link in the email. If you have clicked the link and provided your PSU password, please go to accounts.psu.edu, and change your password immediately. Please do not accept any unexpected Duo/MFA authentication requests if you are not actively signing in. PSU will NEVER text you for your MFA code. 

If you clicked the link and provided the login for your HealthEquity account, then you would need to go in and manually change it or you could reach out to Member Services at (866) 346-5800 and Health Equity can assist with changing your password.

While it's not unusual to receive an email from HealthEquity, the link in the email does not go to healthequity.com. You can hover over the URL to see where it goes before clicking on it. HealthEquity emails come from [email protected], while this email came from [email protected]. This can be a sign of phishing. 
 
When you get an email requesting urgent action, take a moment to examine it extra carefully before you proceed. Anyone can make an email impersonating Health Equity, but if you forward the email to [email protected] we can let you know if it is phishing. 

Please forward the email to [email protected] and [email protected]. You can also see https://www2.healthequity.com/protect for more steps on how to report this to Health Equity if you believe your account was compromised. HealthEquity has also been made aware of this phishing attempt for HealthEquity data.

Thank you for being vigilant and changing your password(s) as needed.