This Was a Phish

Ohio State regularly runs phishing training exercises to the university community. By clicking the link that brought you to this page, you succumbed to a university phishing simulation. Read on to learn how to spot phishing messages and protect yourself and the university from malicious attacks.

Spotting the Phish

You received this email:

Email from Tax Axe, a fake tax prep company threatening recipients about expired tax documents

Sender Addresses: The sender address, hr@netbenefits-access.com, is generic, not the correct email domain for Human Resources at Ohio State, and should raise red flags. The domain (everything after the @ symbol) is the first indication that this might be a phishing attack.

Suspicious Language: Although it is tax season, an email threatening recipients about the potential of losing critical tax documents would not come from a third party company, certainly not a fake company that doesn't exist. The IRS Form W-8BEN is a Certificate of Foreign Status of Beneficial Owner of United States Tax Withholding and Reporting for individuals and would be rare for you to need in your tax preparation.

When you engage with the email, you are sent to a fake log in page.

Web page asking for user to submit their email address to the attacker

Review the URL of web page before engaging with it: When you clicked from the email, a website was loaded with a URL of login.onedrive-micrasoft.com, which is not a legitimate site. Attempt to confirm the legitimacy of a site before you enter login credentials or personal information like name, email address or phone number.

Report Phishing Attempts

Image of the 'report suspicious' banner displayed at the top of every external email you receive. Click this banner to report suspected phish.

If you ever suspect an email to be a phishing attempt, please report it immediately by clicking the "Report Suspicious" button in the warning banner which appears at the top of that external email.