Phishing Scams: What OHIO parents and families need to know
February 7, 2020
Cyber criminals increasingly are targeting college students with email phishing scams designed to steal financial aid and tuition refund payments. Ohio University has implemented automated security measures to reduce the number and impact of these scams, but technology alone cannot provide full protection. Read on to learn what other steps OHIO is taking to help students better protect themselves.
Enabling multi-factor authentication
Many scams target tuition payments or financial aid. After tricking a student into revealing their password, a criminal logs into My OHIO Student Center, drops all of the student's classes, and changes account settings to send the resulting refund to a bank account the criminal controls. Sometimes, the criminal also will login to a student's email account to delete any confirmation messages that would let the student know something was wrong.
Multi-factor authentication, a security feature that adds a verification step to OHIO logins, can keep this from happening. When someone tries to login to a protected service, the system will send a verification request to the student's phone. The student then can deny the request if the login was not theirs.
Multi-factor required for direct deposit, starting March 2020
Multi-factor authentication has been an option for students since summer 2019. Starting in March 2020, students will be required to use it for the direct deposit section of My OHIO Student Center. Students will be prompted automatically to enroll as part of the login process once the requirement is enabled.
Recommended for email
Because the first thing a scammer often does is log into their victim's email, we strongly recommend that students enable multi-factor authentication for their email account by choosing enable Multi-Factor Authentication for All eligible services when enrolling in the service.
Helping students identify scams
To help students learn how to spot scams, OHIO IT's information security staff will periodically send simulated phishing messages. These messages will be completely harmless, and students won't get in trouble if they mistakenly reply to one. If a student responds to a simulated phishing message, they will have the opportunity to review a brief tutorial that will ensure they are better prepared to recognize phishing messages in the future.
What families can do
Multi-factor authentication is the single best way to secure a student's OHIO account. Encourage your student to enroll in multi-factor if they haven't already done so.
If you have any questions, contact the IT Service Desk.