Search within:

Identifying Malicious Email

What to do if you clicked on a Link

If you clicked on a link or button in a scam email and entered your OHIO ID and password into the resulting site, you should change your password immediately. If you need assistance changing your password, contact the IT Service Desk at 740-593-1222 or servicedesk@ohio.edu.

Phish Bowl

The Phish Bowl is a new tool designed to promote phishing awareness. Phishing is the top social attack on businesses, responsible for more than 90% of security breaches. There is no concrete way to prevent phishing attacks, meaning awareness is our strongest line of defense. As wide-impact phishing messages are reported, they will be posted on the Phish Bowl along with a verdict and a date. Phishing messages come in a variety of formats. Be sure to check out types of phishing messages to see common phishing attempts the University receives.

Recognizing phishing attempts

Phishing is when internet attackers impersonate someone or something you know to get you to disclose sensitive information, such as your password or credit card details. Anything from your bank routing information to learning if you have an account with a particular service are all valuable to the criminal. While not every unsolicited email is a phishing attack, it should be inspected for other suspicious elements that may help you identify if it's legitimate or not. A good rule of thumb is to ignore and delete the email if it has two or more of the following suspicious elements.

  • Unsolicited. Don't trust emails you weren't expecting to receive that ask for information.
  • Too good to be true. If it sounds too good to be true, it probably is. Part-time job scams often offer to pay an exorbitant amount of money for a simple task.
  • Asking for personal or financial information. Don't reply to emails requesting this information, report them.
  • Deceptive web links. Hover your mouse on the hyperlink to view its true destination. If you don't recognize it, don't click it.
  • Variations of legitimate addresses. For example, an email address ending in @ohio-edu.org instead of @ohio.edu.
  • Fake sender's address. Click the sender's name to view their email address.
  • Requesting urgency. The attacker wants you to act quickly so you don't notice the email is suspicious.
  • Fraudulent sites often don't start with https (the s stands for secure). Never sign into websites that aren't using https.
  • Misspelled words and bad grammar. A legitimate email would proofread and fix these errors before sending.

Spear phishing

More targeted and personalized in order to increase chances of fooling recipients, spear phishing attacks use publicly available information to impersonate target's friends, relatives, coworkers, and other trusted contacts. The attacker will gather information about you through your social media accounts or through your employer's webpage.

  • Do a web search for your name and see what results are returned. Is there any information you're not comfortable being public? Attackers can use this information to customize a phishing message for you to make it appear more legitimate.

To report a phish or ask for assistance in determining legitimacy, forward the email as an attachment to security@ohio.edu. You can learn how to forward as an attachment here.

For additional information in identifying malicious emails, visit StaySafeOnline for a wide variety of educational resources to learn how to protect yourself, your family, and your devices.