Criminals are opportunists, and unfortunately many will take advantage of the fear and uncertainty surrounding COVID-19 (Coronavirus) to launch phone scams and phishing campaigns.
Some of our users have recently reported seeing a widely-used Username and Password scam that cybercriminals are using to extort money from recipients. Our email security software has been stopping these messages and sending a follow up notification that a malicious email has been contained. But cybercriminals change tactics regularly, so we wanted you to be aware in case a message gets through our defenses.
New semester, new schedule. New tuition payment. Are you sure you are all paid up? So sure that when the scammer calls you threatening to drop your classes if you don’t pay, you are unlikely to hand them your credit card number?
How about that strange text you got from a random number, offering a sweet new job for little work and high pay? You have a few extra hours, right? Why not grab some extra cash while you’re at it?
A phishing campaign has targeted the university, resulting in many students and some faculty and staff receiving numerous fraudulent, harmful messages. The Enterprise Security and OCIO teams are working to address this problem.
What to look for
Features of this campaign have included:
Interest in watching Team USA is high. As advertisers vie for your eyeballs with the American flag and the world-famous Olympic rings, it is easy to trust the message. However, just as you should be vigilant about counterfeit merchandise and ticket scams, you should also be aware of your email inbox.
Receive an email about an online lottery promotion where you can win tickets to PyeongChang? All you need to do to win is provide EVERY personal detail about you. What could go wrong, right?
Like many large organizations, Ohio State email accounts continue to be targets of an increasing number of email phishing attacks. We block many of these attacks before they can reach you, but cybercriminals are constantly devising ways to elude our defense systems. Users like you assist us in detecting even more emails by reporting suspicious messages so we can block them before they target other users.
As you know, on Friday there was a worldwide ransomware attack. Though that attack is currently partially halted, there are additional versions currently released that are live and active. Technical staff should be aware that this family of ransomware works by exploiting the Server Message Block vulnerability. Microsoft released patches on March 14 to address this.
A new type of phishing scam is targeting online shoppers, reminding us to be aware of how we interact with websites and that phishing attacks can come from many sources, not just email!
The Enterprise Security team's mission is to improve the security awareness and profile of the university. We wanted to make you aware of this scam that could cause you loss as a consumer.
The Internet Crime Complaint Center (IC3) has issued an alert on employment scams targeting college students. Phony job opportunities are advertised via college employment websites or sent to students’ university email addresses. Unfortunately, students who have taken the bait have suffered financial losses. For more information and tips on avoiding these scams please review the IC3 Alert.
Adobe has released security updates to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.