Protect your email: How to spot password scams
The start of the academic year is a busy time, not only for faculty, staff and students, but also for cyber attackers. Email scammers like to target universities in the weeks leading up to the start of a semester, hoping to take advantage of first year students anxious to get off on the right foot and returning students, faculty and staff who may be distracted by the demands of opening week.
Email scams can take many forms, but they all have one thing in common. They all ask you to provide your password or other personal information. Entering your OHIO ID and password in response to an email scam hands your credentials over to the scammer and results in your account being compromised.
How to avoid getting scammed
- If you didn't request it, don't trust it: We will NEVER send you an unsolicited email that asks you to log into a web page or provide personal information. If you receive such a message, it is a scam.
- Look before you click: To see the true destination of an email link, hover your mouse over the link (on a computer) or press and hold on the link (on a phone/tablet). If you don't recognize the destination, don't click!
- Watch out for deceptive link names: Scammers often use variations of legitimate site names, like "ohio.edu.org" instead of "ohio.edu."
- Be suspicious of urgent messages: Don't let a scammer scare you into clicking a link. We will NEVER require you to click a link to keep something bad from happening to your account.
- If it sounds or looks weird, don't trust it: Official messages from the University are carefully proofread before being sent. If a message has bad grammar, misspelled words, or a strange format with no content other than a button or link, it's probably a scam.
Visit Stay Safe Online to learn more about protecting yourself from email scams.
What to do if you receive a suspicious message
- Verify it: If you recognize the sender (IT Service Desk, a University department, a colleague or friend, etc.), verify the link independently. Call or chat with the sender to ask if the link is legitimate BEFORE you click. Don't just reply to the email - if it's a scam, the scammer will simply reply to you that, of course, it is legitimate!
- Report it: You can forward suspicious messages to security@ohio.edu. Our information security staff can tell at a glance if a message is a scam, and they can take steps to prevent that message from harming other recipients if it is.
What to do if you clicked on a scam link
If you clicked on a link or button in a scam email and entered your OHIO ID and password into the resulting site, you should change your password immediately. If you are unable to log into the password change tool, contact the IT Service Desk immediately.