This Was a Phish

Ohio State regularly runs phishing training exercises to the university community. By clicking the link that brought you to this page, you succumbed to a university phishing simulation. Read on to learn how to spot phishing messages and protect yourself and the university from malicious attacks.

Spotting the Phish

You received this email:

This image displays this phishing email you received.

 

Sender Addresses: Although this seems like a legitimate prompt from a credible source (Google services), the sender address, noreply@goggl.cc, is very generic, not the correct domain for Google, and should raise red flags. The domain (everything after the @ symbol) is the first indication that this might be a phishing attack. 

When you engage with the email, you are sent to a fake log in page.

This image displays the fake login page for this phishing simulation

Review the URL of web page before engaging with it: When you clicked from the email, a website was loaded with a URL of login.googl.cc, which is not a legitimate site for Google Services. Attempt to confirm the legitimacy of a site before you enter login credentials or personal information like name, email address or phone number.

Report Phishing Attempts

Image of the 'report suspicious' banner displayed at the top of every external email you receive. Click this banner to report suspected phish.

If you ever suspect an email to be a phishing attempt, please report it immediately by clicking the "Report Suspicious" button in the warning banner which appears at the top of that external email.