Reminder: OHIO will never ask for your password in an email

At Ohio University, protecting your account and personal information is one of our highest priorities. As phishing attempts continue to grow more sophisticated, this is a good time to reinforce a critical rule of account safety: 

The Office of Information Technology (OIT) will never email you asking for your password, authorization codes, or any other credentials. 

In addition, OIT will also never direct you to enter your OHIO ID and password into a Google Form or any other third-party form not hosted on an official ohio.edu website. 

If you receive an unexpected message asking you to "verify your account," "prevent deactivation," or "confirm your login details," please assume it’s suspicious and do not click any links or provide any information. 

How to recognize a legitimate credential prompt 

Sometimes you will be asked to enter your OHIO login, for example, when accessing a protected University service. To help you distinguish real sign-in prompts from phishing attempts, OIT maintains a detailed guide on verifying authentic login screens.

You can read the guide here:

• Knowledge Base Article: How to Recognize Legitimate OHIO SignIn Prompts 

This guide includes: 

• What legitimate OHIO login pages look like 
• Which URLs are safe 
• How to confirm when authentication is expected 
• Red flags to watch for in phishing attempts 

OIT strongly encourages all OHIO employees to review this information and share it with colleagues who may be less familiar with phishing tactics. 

When in doubt, reach out 

If you ever receive a suspicious message or login request, forward it to security@ohio.edu or contact the IT Service Desk. It’s always better to verify before clicking. 

Staying vigilant helps keep the entire University secure. Thanks for doing your part.