Increased Phishing Attempts Leading to Compromised Accounts
The Ohio State University accounts are being targeting in an increasing number of phishing attempts. Bad actors who send these campaigns often try to get login credentials to gain access to account details, and thus Ohio State’s internal systems and protected information. Last month, there were more than 63,000 credential threat attempts targeting faculty, staff and student email inboxes. While the university’s security systems monitor users’ accounts 24/7 and blocks most of these attempts, a small percentage gets through.
This is where the Digital Security and Trust (DST) team within Office of Technology and Digital Innovation comes in. They constantly monitor for these threats and work to mitigate any potential damage. However, phishing attempts are growing increasingly sophisticated and bad actors are learning how to bypass some security measures. University members must play an active role in protecting information from scammers by evaluating external emails for possible risks, reporting suspicious emails and taking steps to protect their account details.
Recognizing Phishing Attempts
Phishing emails can be very sophisticated, using "real" Ohio State email addresses, convincing branding and/or "official" signatures. Some campaigns use compromised accounts from government agencies, public organizations or schools to send the phishing emails in an attempt to gain trust with recipients. Recently, DST has seen scammers send from compromised external accounts but put university signatures or footers in the email to try to make the phishing attempt look like it was sent internally.
Often, scammers will try to get users to click on links that appear legitimate but send recipients to malicious web sites that look and feel like the authentic ones. In a recent phishing attack, link clicks led users to a fake, but very realistic looking, Buckeyepass/Duo page where they were asked to enter their university password and two Duo passcodes. After users entered their unique passcodes into this fake webpage, the bad actors were able to bypass the university’s multifactor authentication protection to access the user’s account information.
While scrutinizing email senders and links is a great first step to protecting account information, users should be suspicious of any email that asks for personal information or that directs to a webpage that prompts for this information. Users should NEVER send account information through email or enter it into an online survey (i.e., Google Forms, Qualtrics, etc.) or non-university webpage.
Signs Your Account Has Been Compromised
The DST Incident Response team works with users to reset passwords on potentially compromised accounts. In instances of phishing attempts where the bad actors gained access to especially sensitive information, a user’s password may be re-set for them.
Some users who have had their account information taken in a phishing attempt may notice they are receiving Buckeyepass/Duo push notifications that they did not initiate or other suspicious activity in their accounts. These users should visit my.osu.edu and change their password immediately. The incident should also be reported to firstname.lastname@example.org.
Learn More and Report Phishing
More information on recognizing phishing attempts, as well as steps to protect users from these attacks, can be found on the university’s Avoiding Threats – Phishing webpage. Faculty and staff can learn more about phishing and other cybersecurity topics through the Cybersecurity for You awareness platform.
If you suspect you received a phishing email, please report it to the Incident Response team by clicking the Report Phishing button located in the top right navigation panel of your Outlook inbox. Alternatively, you can forward the email to email@example.com.