Recent e-mails have circulated among a large number of Ohio State students, faculty and staff asking for personal information. Although these e-mails look similar to university e-mails, they are illegal phishing scams.
"Phishers send an e-mail or pop-up message that claims to be from a business or organization that you may deal with," according to the Federal Trade Commission Web site.
"The message may ask you to 'update,' 'validate,' or 'confirm' your account information."
The most recent phishing attempt appeared as an e-mail from Ohio State News. The e-mail told recipients to log on for the latest news and information about OSU, and then directed recipients to what looked like the OSU Webmail page. Once logged on to that page, visitors were simply directed to the Ohio State Newark Web page.
"It is important to know that at no point will any information regarding the university as a whole be password protected for students," said Shawn Sines, an information security outreach specialist. "Changes about the university are always posted at osu.edu; the general public can always see them and you don't have to log on to access that information."
When recipients log on to the faux Webmail page, their username and password is recorded so scammers can sell that information to black market scammers, Sines said.
Scammers can use university login information to send spam e-mails in bulk, which can block normal e-mail activity, Sines said.
"The second thing and really the bigger risk … is that [the scammer] can assume your identity here within the university," he said.
This is not the first attempt scammers have made to take information from the OSU students and staff.
"There are phishing scams that have been going on at OSU since the beginning of the year that looked like they were coming from the [Office of Information Technology]," said Kristina Torres, communications manager at the Office of the Chief Information Officer.
There are a few things students and staff should know to protect themselves from future phishing attempts, Sines said.
"Anything that asks for your password or your user account and looks like it comes from an OSU authority is fake," Sines said. "There should never be any communication that asks you for your password or your login. … Legitimate organizations, they already have that information."
Students should also be careful about the amount of personal information they share on social networking sites, Sines added.
Torres offered a quick way to see if a link in an e-mail is valid.
"If you get an e-mail that you don't think is valid, you can copy and paste the URL into your browser and see where that leads you to," Torres said.
"A lot of times how it looks in your e-mail is actually different than where the URL will send you."
If someone has already given out personal information or would like to report a suspicious e-mail, contact 8help or security@osu.edu. For more information, visit safecomputing.osu.edu.
Tatum Shroyer can be reached at shroyer.50@osu.edu.
Be the first to comment on this article!