It’s tax time again. Millions of Americans are filing for returns and making plans for how to use the money. Attackers have other ideas for that tax return.
TurboTax promotes itself as the number one, best-selling tax preparation software. No doubt they hold credentials belonging to millions of Americans who have used them for their taxes. Now, officials report an attacker obtained tax return data through a credential stuffing hack on their platform.
As announced last month, BuckeyePass will protect eTimesheet and eLeave beginning on Sept. 30. Since we began expanding the number of applications protected by BuckeyePass(link is external), we’ve heard some concerns about difficulties connecting because of poor cell or Wi-Fi signals. With some advance preparation, there are always solutions.
Weak Cell Service/No Cell Service – your options:
New semester, new schedule. New tuition payment. Are you sure you are all paid up? So sure that when the scammer calls you threatening to drop your classes if you don’t pay, you are unlikely to hand them your credit card number?
How about that strange text you got from a random number, offering a sweet new job for little work and high pay? You have a few extra hours, right? Why not grab some extra cash while you’re at it?
A phishing campaign has targeted the university, resulting in many students and some faculty and staff receiving numerous fraudulent, harmful messages. The Enterprise Security and OCIO teams are working to address this problem.
Features of this campaign have included:
We wanted to alert faculty and staff to a problem that some university users are having sending email to users with @osumc.edu email addresses. The issue resulted from a configuration change that was necessary to support the long-term roadmap of the email system, but caused some medical center email addresses that were saved (“cached”) in Outlook to become inoperative.
You’ve probably seen many news stories about Facebook and how it handles your personal data. Many of us rely on the online service to keep in touch with family, plan a vacation, chat daily with friends. We rarely think about the digital footprints we leave, or who would ever want to follow our tracks.
Sure, we knew that being fed advertising was part of the deal to use the platform for free. But how many of us actually read the privacy statement when we started using the service? And how many of us noticed the changes they’ve made over time?
Interest in watching Team USA is high. As advertisers vie for your eyeballs with the American flag and the world-famous Olympic rings, it is easy to trust the message. However, just as you should be vigilant about counterfeit merchandise and ticket scams, you should also be aware of your email inbox.
Receive an email about an online lottery promotion where you can win tickets to PyeongChang? All you need to do to win is provide EVERY personal detail about you. What could go wrong, right?
Cyber criminals are naturally drawn to money -- your money. Financial aid awarded to students is a frequent target. This is a challenge for the university, as we often need to contact you about financial aid for legitimate reasons. It is important to recognize the difference between a valid email from Buckeye Link, and a phony one from an attacker. The image posted is an example of what an authorized financial aid email from Ohio State looks like.
KEY CHARACTERISTICS OF FINANCIAL AID EMAILS sent from Ohio state:
Tax related phishing attempts frequently occur, because criminals would love to get their hands on your W-2 so they can steal your identity and/or your tax refund. This article (new for 2018 tax season) is posted to share with you what you should expect and what a legitimate W-2 email sent from Ohio State looks like.
Cybercriminals’ top priority is a real-life payout. For Ohio State student systems, that means criminals may target money that comes to students in the form of refunds, grants, scholarships, loans or other financial aid. If criminals get your user name and crack your password, they may be able to divert funds scheduled for direct deposit into your bank account and send the money to their account instead.
