Ohio State regularly runs phishing training exercises to the university community. By clicking the link that brought you to this page, you succumbed to a university phishing simulation. Read on to learn how to spot phishing messages and protect yourself and the university from malicious attacks.
Spotting the Phish
You received this email:
Sender Addresses: The sender address, professor.plum@linkedincdn.com, is generic, not the correct email domain for faculty at Ohio State, and should raise red flags. The domain (everything after the @ symbol) is the first indication that this might be a phishing attack.
Suspicious Language: Although students may be contacted by researchers to join projects, they rarely pay as much as $300 per week. If it seems too good to be true, it probably is. There are also some subtle misspellings that you may have recognized. If you are prompted by Ohio State to engage in an activity that seems strange, report the email as suspicious so the security team can take defensive action and alert others.
When you engage with the email, you are sent to a fake log in page.
Review the URL of web page before engaging with it: When you clicked from the email, a website was loaded with a URL of login.onedrive-micrasoft.com, which is not a legitimate site. Attempt to confirm the legitimacy of a site before you enter login credentials or personal information like name, email address or phone number.
Report Phishing Attempts
If you ever suspect an email to be a phishing attempt, please report it immediately by clicking the "Report Suspicious" button in the warning banner which appears at the top of that external email.