Phishing Emails Impersonating University Leaders

The university community has been reporting more phishing email attempts than usual to Ohio State Enterprise Security.

Cybercriminals have begun to use familiar names of senior leaders at Ohio State, such as President Drake, in an effort to gain your trust. These bogus phishing emails are examples of spoofing.

Spoofing emails are often written with an urgent tone and convey that your manager or even President Drake needs you to do something immediately, such as share your password, disclose tax information or wire transfer money. Cybercriminals often specifically target employees within HR and Payroll departments in hopes of gaining access to as much valuable information as possible.

Keep these tips in mind to protect yourself from fraudulent emails:

  1. Take a moment to think before you act. Be wary of emails that ask you to do something you wouldn’t normally do, even if a message appears to come from university leadership.
  2. Compare the sender’s “from” email address with the “reply-to” address.
  3. Verify your email address shows in the “to” field.
  4. Be wary of red flags such as poor spelling and grammar. See the sample screenshot below.
  5. Never provide your login credentials or any personal information. The Ohio State University will NEVER ask you for this kind of information by email.
  6. If a message appears suspicious, contact the sender via phone and verify it is legitimate before clicking any links or replying.
  7. Use caution when clicking links. Hover over links to check that the address matches where the link is intended to go or simply type the address of the website you want to visit in your browser yourself.

[Image: sample screenshot, spoof-phish-march-18-2016.png]
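The checks in tips 2, 3 and 7 can also be run automatically against a saved message. The following Python sketch is an added example, not a tool from Ohio State; the function and class names are hypothetical, and the sample message and every address and hostname in it are constructed placeholders.

```python
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); every address and host is a placeholder.
SAMPLE = """\
From: "University President" <president@university.example>
Reply-To: accounts.office@mailbox.example
To: staff-list@university.example
Content-Type: text/html; charset="utf-8"

<p>Kindly confirm you password: <a href="http://login.portal.example/verify">https://my.university.example/login</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw, my_address):
    """Return warning strings for tips 2 (reply-to), 3 (to field) and 7 (links)."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_addr = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_addr and reply_addr != from_addr:
        warnings.append(f"reply-to {reply_addr} differs from sender {from_addr}")
    recipients = getaddresses([str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])])
    if my_address.lower() not in {addr.lower() for _, addr in recipients}:
        warnings.append(f"{my_address} is not in the To/Cc fields")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        shown = urlparse(text).hostname  # None unless the link text is itself a URL
        if shown and shown != urlparse(href).hostname:
            warnings.append(f"link shows {shown} but goes to {urlparse(href).hostname}")
    return warnings
```

Calling `check_message(SAMPLE, "employee@university.example")` returns one warning for each of the three tips. A message that passes all three checks can still be fraudulent, so the remaining tips still apply.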

For more assistance contact your local IT support or the IT Service Desk at 614-688-HELP (4357) (TDD: 614-688-8743) or 8help@osu.edu for verification and advice.

Report suspicious phishing/spoofing email to: report-phish@osu.edu.

Additional resources:

Always be sure you are handling information in accordance with the Ohio State Institutional Data Policy: https://go.osu.edu/idp

IRS Bulletin: https://www.irs.gov/uac/Newsroom/IRS-Alerts-Payroll-and-HR-Professionals-to-Phishing-Scheme-Involving-W2s

OSU Phishing Resource: https://go.osu.edu/phishing