News and Announcements

Beware of phishing scams during coronavirus outbreak

As news of the ongoing coronavirus pandemic continues to spread, it’s important to protect your personal information, particularly from  email  phishing scams. Cybercriminals intentionally target people in times of crisis or confusion.

Protect yourself today by taking these steps:

Enroll in multi-factor authentication for all eligible services

Enrolling in m ulti-factor authentication  for all eligible services is the single best way to protect your account from password scams. 

Once enrolled, y ou'll  receive  a verification request  via a free app  on your  mobile device  any time someone tries to access  your account . If a login isn't you, press the DENY button and change your password.  F requently-used devices  and browsers can be  remembered for 30 days, but  any time you login from a new device or browser, you will  need  both your password and your enrolled mobile device to complete that login .

Learn to recognize email  scams

While not every unsolicited email is a  phishing attack all messages  should be inspected for suspicious elements. It’s best to ignore and delete  any  email  with  two or more of the following suspicious elements:

  • Unsolicited . Don't trust emails you weren't expecting to receive that ask for information  or prompt you to login .
  • Asking for personal or financial information . Don't reply to emails requesting this information; report them.
  • Deceptive web links.  Hover your mouse on the hyperlink to view its true destination. If you don't recognize  the destination , don't click.
  • Variations of legitimate addresses .  For example, a scam  email  might use an address that ends with  @ohio-edu.org instead of @ohio.edu.
  • Fake sender's address . Click the sender's name to view their email address.
  • Requesting urgency . The attacker wants you to act quickly so you don't notice the email is suspicious.
  • Fraudulent sites often don't start with https  (the s stands for secure). Never sign into websites that aren't using https.
  • Misspelled words and bad grammar . A legitimate  sender  would proofread  the message  and fix these errors before sending.

Some attackers will  use publicly-available information to impersonate friends, relatives, coworkers and other trusted contacts  to make their messages more believable . This information is gathered  via  social media or other websites. To combat this, search for your name online and see what information is  returned Consider modifying your social media privacy settings to limit what details appear in search results. 

If you would like to learn more about how to protect your account, email  security@ohio.edu  and ask to be enrolled in OIT’s online IT Security training.

View Site in Mobile | Classic
Share by: