Changing your password is a good measure if you fear that somebody might have been illegally using your account, but the mails you have been receiving recently are probably caused by a virus and not by a hacking attempt into your PSU account.
There are a number of viruses/worms that can forge the sender's address (the virus designated "Klez" is one of them, for instance). The main characteristic such viruses share is that they all make the infected machine send email messages (containing the virus in their turn) to any email address it finds in the user's contact email list. The subject line and name of the attached file (typically with the .exe, .pif, .bat, or .scr extension) are random and do not have a specific label.
At Penn State, many users have received email messages which appear to be from email@example.com, firstname.lastname@example.org, as well as several others when in fact, the messages are not from those senders.
You should forward the infected email showing the FULL headers of the infected mail to email@example.com
Only by looking at those headers the people at the Security Operations and Services (SOS) might be able to determine the real sender of the mail in question and, in case the email came from a Penn State domain, block the infected computer from sending out more email until it is disinfected.
For tips on how to display full headers on different email programs see: http://sos.its.psu.edu/header.html
Information about computer viruses and how they work can be found at: http://its.psu.edu/virus.html
Never open an email attachment you were not expecting. Be certain you have an updated version of anti-virus software.
Penn State supplies Symantec Antivirus Corporate Edition to all faculty, staff, and students. Symantec Antivirus can by downloaded from downloads.its.psu.edu.
Inquiries and reports about this and other viruses should be directed to the Penn State Security Operations and Services (SOS) at firstname.lastname@example.org.