Watch Out for Financial Aid-related Phishing Schemes

Cyber criminals are naturally drawn to money -- your money. Financial aid awarded to students is a frequent target. This is a challenge for the university, as we often need to contact you about financial aid for legitimate reasons. It is important to recognize the difference between a valid email from Buckeye Link, and a phony one from an attacker. The image posted is an example of what an authorized financial aid email from Ohio State looks like.

KEY CHARACTERISTICS OF FINANCIAL AID EMAILS sent from Ohio state: 

  1. All links in email will point to the domain osu.edu.
  2. The sender in the “from” address is from an Ohio State domain, specifically buckeyelink@osu.edu (this is link from which we send e-mail)
  3. The email will have detailed instructions on how to safely submit documentation
     

Remember, here are a few of the indicators you can look for to spot phishing emails:

  • Were you expecting it? Messages from unknown senders are an obvious red flag, but cybercriminals are also known to use email addresses that look like they came from Ohio State or another legitimate organization.
  • Are there spelling and grammar errors? Phishing messages may contain poor spelling and grammar. If a message has multiple errors, that is a good indicator that it could be a phish.
  • Are the links legit? Links can be deceptive and may appear to include domains you know. You can use your mouse to hover over a link before you click to see if it's pointed to a legitimate site.
  • Is it getting personal? Phishers try to gather personal information about you so they can do things like steal your identity or empty your bank account. Never provide information via email; verify that the request is real.
  • Are they in a hurry? Cybercriminals want you to act quickly, without thinking about the repercussions. Be suspicious of claims that a matter is urgent and must be attended to immediately.
  • Are you being asked to download or install something? Be careful opening attachments to emails and visiting websites. Some websites install malicious software on your computer just by visiting them or will prompt you to install content or download a file. If you are instructed to do this, you should always decline. 

Most importantly…don’t be embarrassed if you click on something suspicious…SAY SOMETHING! Alerting the IT Service Desk or forwarding the email to report-phish@osu.edu may allow our technicians to help you and to block the sender so other students aren’t deceived by the same scam.

If you think you may have clicked on a link in a phishing email, please report by using your report phish button (if applicable) or by forwarding it to report-phish@osu.edu(link sends e-mail).