As with the beginning of most school years, we have and will continue to see an increase in the number of electronic “phishing” attempts on students, faculty, and staff alike. Phishing scams are a form of “Social Engineering,” in which someone attempts to trick you into giving them your sensitive information – usernames and passwords, access to your computer, or even in some recent cases, false claims that attempt to extort money. Many of these scams are carried out through email, but also often come through text messages, regular voice calls, or social media. Messages can look as if they have come from a familiar institution or an individual that you trust.
A common theme of these messages is to play on your emotions, sometimes including disturbing or enticing information that provoke you to act. They may try to create a false sense of urgency by saying "your account will be deleted," "you are over your email storage space," or “we have compromising information of you.” They often urge you to act immediately to "update" or "verify" your account information. Often, they will urge you to send money or cash a check as well.
Some things you can do:
-
Always think before you act. Be wary of communications that implore you to do so immediately or warns of negative consequences if you do not act now.
-
If it looks suspicious (even if you know the person or source), please contact the IT Service Desk for verification and advice before taking any action.
-
Do not provide your login credentials or any personal information. The Ohio State University will NEVER ask for your account information by email or phone.
-
If you receive a suspected phishing message, please use the "Report Phishing" button to report it so that the message can be stopped from possibly fooling someone else! If you don't have access to the "Report Phishing" button, you can also forward the message to report-phish@osu.edu.