The Enterprise Security team's mission is to improve the security awareness and profile of the university. This includes making you aware of important cybersecurity new items. A Joint Analysis Report has been released by US-CERT providing details on malicious activities undertaken by Russian Civilian and Military Intelligence Services (RIS).
This week we’ve seen a surge of phishing attacks against the university. Most recently we spotted a malicious website posing as a login page for BuckeyeMail and wanted to bring it to your attention. Please avoid clicking on links in emails when possible and always verify you’re at the site you meant to be at before entering user name and password. If you receive an email phish please report it to firstname.lastname@example.org. By informing us, we can more easily target and block other emails and sites from the same source.
Have you ever received a suspicious email from someone claiming they work for the IRS? Or an out-of-place phone call that asks you to respond to the IRS immediately? What about an unexpected text with an attached tax form? You’re not alone!
We want to alert Ohio State students to a fraudulent scheme involving a third party offering to pay your Ohio State tuition charges in order to save you money. This information has also been shared with students by Ohio State Enrollment Services.
In this scam, a person asks for your Ohio State username and password to pay your tuition charges by credit card. Once you receive a confirmation of the credit card payment, you are instructed to send the person a wire transfer payment or a check for that amount less 5 percent.
Despite receiving a confirmation of the credit card payment, the payment is fraudulent and will eventually be rejected by the credit card company, leaving you with a balance still due to Ohio State.
Rockhurst University in Kansas City was targeted with a phishing scam that resulted in the theft of W-2 information from nearly 1,200 university employees. Ohio State was targeted by a similar scheme, but the administrator involved recognized that the email was a phishing message and promptly reported it to email@example.com
The university community has been reporting more instances of phishing email attempts than usual to Ohio State Enterprise Security.
Cybercriminals have begun to use familiar names of senior leaders at Ohio State, such as President Drake, in an effort to gain your trust. These bogus phishing emails are examples of spoofing.
Enterprise Security staff at Ohio State are seeing an increase in the volume of phishing emails offering users attachments, links or instructions for downloading their W-2 forms. These are fraudulent emails designed to steal your identity and Social Security number. See the full article for tips on how to spot a scam.
Central Ohio is adding an area code – 380 – requiring a switch to 10-digit dialing. Callers will need to dial the area code (three digits) followed by the phone number (seven digits) for all local calls. Central Ohio added an area code to increase the number of available phone numbers; with an additional area code identical 7-digit phone numbers with different area codes can be issued in the same geographical area. 10-digit dialing can be used immediately, but it becomes mandatory across central Ohio for all local calls on Jan 30. There is no change to dialing numbers only require 5 digits on campus – if you currently use 5 digits to dial a number on campus, such as 8-4357 (8-HELP), you will continue to use five digits to dial these numbers
As of mid-January 2016, Microsoft will no longer support versions of the Internet Explorer Web browser older than IE11. Many of Ohio State's key enterprise systems have been tested with IE11 and no major issues have been discovered. However, the eReports service will require some browser modifications by desktop support staff. While the full article contains tech-heavy details that may not be meaningful to everyone, it does provide an overview of what desktop support staff will be need to do to help those who need assistance configuring their IE Web browser. Deployment of IE11 begins Monday, January 4, 2016.
Box will be discontinuing support for Internet Explorer 8 (IE 8) on December 31. As of January 2016, Microsoft will no longer support updates for IE 8, meaning that Box users on this browser will have a poor experience because certain features will not work as expected. Moreover, Microsoft will stop issuing out security patches for IE 8 making the browser vulnerable. We recommend that all Internet Explorer 8 users upgrade to Internet Explorer 10 or 11 or an alternatively supported browser in order to continue using Box after December 31.