Criminals are opportunists, and unfortunately many will take advantage of the fear and uncertainty surrounding COVID-19 (Coronavirus) to launch phone scams and phishing campaigns.
Some of our users have recently reported seeing a widely-used Username and Password scam that cybercriminals are using to extort money from recipients. Our email security software has been stopping these messages and sending a follow up notification that a malicious email has been contained. But cybercriminals change tactics regularly, so we wanted you to be aware in case a message gets through our defenses.
It’s tax time again. Millions of Americans are filing for returns and making plans for how to use the money. Attackers have other ideas for that tax return.
TurboTax promotes itself as the number one, best-selling tax preparation software. No doubt they hold credentials belonging to millions of Americans who have used them for their taxes. Now, officials report an attacker obtained tax return data through a credential stuffing hack on their platform.
As announced last month, BuckeyePass will protect eTimesheet and eLeave beginning on Sept. 30. Since we began expanding the number of applications protected by BuckeyePass(link is external), we’ve heard some concerns about difficulties connecting because of poor cell or Wi-Fi signals. With some advance preparation, there are always solutions.
Weak Cell Service/No Cell Service – your options:
New semester, new schedule. New tuition payment. Are you sure you are all paid up? So sure that when the scammer calls you threatening to drop your classes if you don’t pay, you are unlikely to hand them your credit card number?
How about that strange text you got from a random number, offering a sweet new job for little work and high pay? You have a few extra hours, right? Why not grab some extra cash while you’re at it?
A phishing campaign has targeted the university, resulting in many students and some faculty and staff receiving numerous fraudulent, harmful messages. The Enterprise Security and OCIO teams are working to address this problem.
What to look for
Features of this campaign have included:
We wanted to alert faculty and staff to a problem that some university users are having sending email to users with @osumc.edu email addresses. The issue resulted from a configuration change that was necessary to support the long-term roadmap of the email system, but caused some medical center email addresses that were saved (“cached”) in Outlook to become inoperative.
You’ve probably seen many news stories about Facebook and how it handles your personal data. Many of us rely on the online service to keep in touch with family, plan a vacation, chat daily with friends. We rarely think about the digital footprints we leave, or who would ever want to follow our tracks.
Sure, we knew that being fed advertising was part of the deal to use the platform for free. But how many of us actually read the privacy statement when we started using the service? And how many of us noticed the changes they’ve made over time?
Interest in watching Team USA is high. As advertisers vie for your eyeballs with the American flag and the world-famous Olympic rings, it is easy to trust the message. However, just as you should be vigilant about counterfeit merchandise and ticket scams, you should also be aware of your email inbox.
Receive an email about an online lottery promotion where you can win tickets to PyeongChang? All you need to do to win is provide EVERY personal detail about you. What could go wrong, right?
Cyber criminals are naturally drawn to money -- your money. Financial aid awarded to students is a frequent target. This is a challenge for the university, as we often need to contact you about financial aid for legitimate reasons. It is important to recognize the difference between a valid email from Buckeye Link, and a phony one from an attacker. The image posted is an example of what an authorized financial aid email from Ohio State looks like.
KEY CHARACTERISTICS OF FINANCIAL AID EMAILS sent from Ohio state: