Ä¢¹½ÊÓƵ

Your University credentials—your username and password—provide access to valuable information.

Examples of such information include, but are not limited to University systems, data, email and personal employee information, such as direct deposit details and employee benefits information. Bad actors want access to this valuable information and may trick you into providing your credentials to them via social engineering attacks.  

How could this happen? 

Malicious email messages targeting University employees is a common way that bad actors attempt to gain access to sensitive information and systems. These emails may appear legitimate and direct you to click a link, which leads to a form requesting your username and password. If you enter your credentials, the attacker may gain access to your Ä¢¹½ÊÓƵ University account. This allows the bad actor to gain unauthorized access to University and personal employee information. 

What could happen if I fall for a phishing email?

Falling for a phishing email could have financial consequences for you and/or the University. A compromised OHIO account may result in unauthorized access to University data, your personal employee information, or even data loss.  

What are my responsibilities?  

• You have a responsibility to protect your OHIO account and the corresponding credentials that provide access to that account.
• Be vigilant: do not click on suspicious links and attachments and never provide your University credentials or accept a multi-factor authentication push, unless you are actively logging into University services.
• As a reminder, the University will never request that you provide OIT or other representatives with your password, nor will the University request that you enter your credentials into something like a Google form. 

How can I protect my account? 

To help you protect your University account and aid you in protecting your corresponding credentials the University provides several tools and resources as follows:  

Multifactor Authentication 

The University requires multifactor authentication for University services. Multifactor authentication combines something you know, such as your password with something you have, such as a smart phone as a second layer of security.

By applying a secondary layer of authentication, it validates that the individual accessing the system is in fact the user. This second layer of security means that even if a bad actor has a user’s password, they will also need access to their smart phone, the telephone number provided or the text message sent to the user to complete the authentication process required to access the University system.

It is important to remember that you should never accept a multifactor authentication push or phone call if you are not actively logging into that University system. 

An external banner warning on messages 

Messages that originate from outside of Ä¢¹½ÊÓƵ University will have a banner warning at the top as follows: 

Image

OHIO’s Phishbowl 

The Phish Bowl is a tool designed to promote phishing awareness. Phishing is the top social attack on businesses, responsible for more than 90% of security breaches. There is no concrete way to prevent phishing attacks, meaning awareness is our strongest line of defense. As phishing messages are reported, they will be posted here along with a verdict and a date.  

Resources to help identify malicious email messages 

The Ä¢¹½ÊÓƵ University Information Security Office provides resources to empower our community with the knowledge to identify, report and mitigate these attacks.

Additionally, Ä¢¹½ÊÓƵ University has launched a new digital microlearning resource to help OHIO faculty, staff and students identify and avoid email phishing scams. The training can be accessed by using the following link . This short training in Canvas provides members of our OHIO community with tools and resources useful for protecting their finances, private data and University systems.

If at any time you have questions or concerns about an email message, you can contact OHIO’s Information Security Office via telephone at 566-SAFE or via email at security@ohio.edu. The Information Security Office will be happy to investigate the message and confirm its legitimacy for you.