More "chair-based" phishing targeting OSU

Bryan Dunlap dunlap.3 at osu.edu
Thu May 2 15:49:58 EDT 2019 

The past few days, we have seen another round of phishing emails 
targeting OSU, claiming to be from department chairs. These typically 
use the chair's real name but a fake email address.

First, don’t panic!  However, if you’ve given up your password, credit 
card, SSN or purchased items contact ASCTech immediately and see below. 
Scams are very common and the best move is to be vigilant not to fall 
for them.

My recommendations:

  * ·Do NOT respond to any OSU business from a non-osu.edu
    (faculty/staff) or BuckeyeMail email (students).
  * ·Faculty/staff will never ask you to get items such as gift cards or
    transfer money for them.
  * ·Use the “Report Phish” button if you have it in Microsoft Outlook.
    (This gives OCIO Security complete headers.)

      o If you don’t have the button you can forward to
        report-phish at osu.edu <mailto:report-phish at osu.edu>
      o If you use Outlook the button install should be in Self Service
        (Mac) or Software Center (Windows)

  * Look for common signs of phishing:
    https://www.sans.org/security-awareness-training/resources/posters/dont-get-hooked
  * If you respond / click on links / give up your password
    contact ASCTech support immediately: asctech at osu.edu
    <mailto:asctech at osu.edu> .
      o If you do give up your password change it immediately at
        https://my.osu.edu
      o If you give up information such as credit card number, address,
        phone, SSN we will get you in contact with our Security team.
      o With SSN, name, and address that’s enough to start credit
        applications.
      o You may see fraudulent charges on a given up credit card –
        sometimes within minutes – call your bank.
      o If you divulge your phone number be extra suspicious, as you may
        get extra scam calls.
          + (Though honestly with the amount of phone scams you might
            not be able to notice an increase.)
  * Do not allow anyone access to your computer remotely (this is common
    with people claiming to be from Microsoft or Apple tech support).
      o That’s normally a phone call not phishing, but it happens enough
        to mention it here.
      o ASC does sometimes use a tool for this (Bomgar) but we will be
        responding to a specific ticket and identify ourselves - and you
        have to allow access. If you have doubts you can call your local
        support person.


-- 

Bryan Dunlap
/Computer Manager / Unix Systems Administrator/
*The Ohio State University * College of the Arts & Sciences Department 
of Physics
1199 Physics Research Building, 191 W. Woodruff Ave., Columbus, OH 43210
Phone: /614/292-4269/ Email: dunlap.3 at osu.edu <mailto:dunlap.3 at osu.edu>
https://physics.osu.edu https://asctech.osu.edu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/physics-staff-df/attachments/20190502/3360e1a7/attachment.html>

More information about the physics-staff-df mailing list