This week we’ve seen a surge of phishing attacks against the university. Most recently we spotted a malicious website posing as a login page for BuckeyeMail and wanted to bring it to your attention. Please avoid clicking on links in emails when possible and always verify you are on the correct, official site before entering your user name and password.
Here is a screen shot of the website we found; you can identify it as a fake because of the URL:
Here is the authentic BuckeyeMail login site, notice the URL is login.microsoftonline.com:
Tips to Stay Safe
- Don’t click links from untrusted sources.
- Bookmark websites you visit often, so when you have a reason to go there you can use your bookmarks or type the URL instead of using links you find online or in an email.
- Never reply to an email that asks you to send personal or account information.
- Don’t click links that supposedly take you to an official website when you receive an email that looks suspicious or asks you for your password or other personal information..
- Never open any file attached to a suspicious-looking email.
- Ask the IT Service Desk (614-688-HELP  | TDD: 614-688-8743) to verify an email that looks suspicions but appears to come from Ohio State. If it appears to be from an official source for a relationship you have outside of the university, like your bank or a shopping site, contact the company's customer service via phone or web to verify that the email is legitimate.
- Search the web for the email subject line followed by the word “hoax” to see if anyone else has reported it as a scam.
If you receive an email phish please report it to email@example.com. By informing us, we can more easily target and block other emails and sites from the same source. If you feel you may have entered your Ohio State credentials on a malicious website please reach out to firstname.lastname@example.org for assistance.
We hope you never get hooked by a phishing scam, but we are here to help you if you do. Don't hesitate to contact us.