OIT issues reminders to help identify malicious emails

Phishing is the practice employed by cybercriminals of sending fraudulent emails out to hundreds of people, hoping a few recipients will willingly provide their valuable private information by clicking malicious links or accessing attachments.

According to Deloitte, a global audit and risk assessment firm, 91 percent of all cyberattacks begin with a phishing email to an unexpecting victim. 

As there is no concrete way to prevent phishing attacks, being aware and knowledgeable of common tactics used by cybercriminals is your strongest line of defense in protecting yourself and your data. Keep these suspicious elements in mind when you receive unexpected emails from unknown senders, and ignore emails that contain the following: 

• Offers that are too good to be true. If it sounds too good to be true, it probably is. Part-time job scams often offer to pay an exorbitant amount of money for a simple task.
• Requests for personal or financial information. Don't reply to emails requesting this information; report them by forwarding the message as an attachment to security@ohio.edu.
• Variations of legitimate addresses. For example, an email address ending in @ohio-edu.org instead of @ohio.edu should alert you that something is not quite right.
• Fake sender's address. Click the sender's name to view and verify their email address.
• Urgency or quick deadlines. The attacker wants you to act quickly so you don't notice the email is suspicious.
• Websites that don’t begin with “https”. The "s" stands for secure. Never sign into websites that aren't using https in the URL.
• Misspelled words and bad grammar. A legitimate email sender would proofread and fix these errors before sending.

If you receive an email that you suspect is phishing, please forward the email as an attachment to security@ohio.edu. If the Information Security team confirms that the email is malicious, they will post it to the Phish Bowl to warn others in the Ohio University community. 

Additionally, the Information Security Office has created email best practices so you can avoid crafting or distributing messages that could be mistaken for phishing. If you have additional questions or concerns regarding malicious emails, please contact the Information Security Office.