According to OIT security analyst Tom Conley, most spear phishing attempts at Ohio University are directed at users of the university's Webmail system, but any service that has an online presence is fair game. For example, OIT recently identified a scam targeted at Outlook readers. The e-mail message instructed recipients to visit a URL for the day's news stories.  Individuals who did so were asked to enter their Oak IDs and passwords into a counterfeit Webmail login screen. OIT has blocked access to the offending site and has filed a phishing report with the United States Computer Emergency Readiness Team (US-CERT), a government/private-sector that coordinates defense against cyber attacks. Both actions are standard procedure for dealing with scams, Conley said.

Because scam messages do sometimes make it past the university's spam filters, Conley recommends that individuals keep a few basic rules in mind:

• Never reply to an e-mail that asks you to send personal information such as passwords or bank account numbers
  
  
  
• Be wary of an e-mailed Web link that asks you for your password, especially if that site normally does not require a password
  
  
  
• Do not open unsolicited attachments, even if they appear to come from a legitimate source

To report suspicious online activity, you can call the OIT Security Hotline at 740-566-SAFE or send e-mail to security@ohio.edu.