Beware of phishing scams during coronavirus outbreak

As news of the ongoing coronavirus pandemic continues to spread, it’s important to protect your personal information, particularly from email phishing scams. Cybercriminals intentionally target people in times of crisis or confusion.

Protect yourself today by taking these steps: 

Enroll in multi-factor authentication for all eligible services 

Enrolling in multi-factor authentication for all eligible services is the single best way to protect your account from password scams.  

Once enrolled, you'll receive a verification request via a free app on your mobile device any time someone tries to access your account. If a login isn't you, press the DENY button and change your password. Frequently-used devices and browsers can be remembered for 30 days, but any time you login from a new device or browser, you will need both your password and your enrolled mobile device to complete that login. 

Learn to recognize email scams 

While not every unsolicited email is a phishing attack, all messages should be inspected for suspicious elements. It’s best to ignore and delete any email with two or more of the following suspicious elements: 

• Unsolicited. Don't trust emails you weren't expecting to receive that ask for information or prompt you to login. 
• Asking for personal or financial information. Don't reply to emails requesting this information; report them.
• Deceptive web links. Hover your mouse on the hyperlink to view its true destination. If you don't recognize the destination, don't click.
• Variations of legitimate addresses. For example, a scam email might use an address that ends with @ohio-edu.org instead of @ohio.edu.
• Fake sender's address. Click the sender's name to view their email address.
• Requesting urgency. The attacker wants you to act quickly so you don't notice the email is suspicious.
• Fraudulent sites often don't start with https (the s stands for secure). Never sign into websites that aren't using https.
• Misspelled words and bad grammar. A legitimate sender would proofread the message and fix these errors before sending. 

Some attackers will use publicly-available information to impersonate friends, relatives, coworkers and other trusted contacts to make their messages more believable. This information is gathered via social media or other websites. To combat this, search for your name online and see what information is returned. Consider modifying your social media privacy settings to limit what details appear in search results.  

If you would like to learn more about how to protect your account, email security@ohio.edu and ask to be enrolled in OIT’s online IT Security training.