Cyber criminals increasingly are targeting college students with the goal of stealing financial aid and tuition refund payments.
Protect yourself today by taking these steps:
- Utilize multi-factor authentication. This is the single best way to secure your OHIO account! You'll get a verification request on your phone any time someone tries to access your account. If a login isn't you, press the DENY button and change your password.
- Learn to recognize scams. The Information Security Office provides guidance on how to recognize malicious email messages. They also have an informative webpage called the Phish Bowl that assists the OHIO community by providing confirmation of phishing messages or validating the legitimacy of a message that may appear to be phishing.
- Forward suspicious messages as an attachment to firstname.lastname@example.org to ensure these attempts are reported.
- Create strong passwords and avoid password reuse. Easy to guess passwords or passwords used across multiple services or accounts can increase the chances that your account could become compromised.
Why this matters
Cyber criminals are always looking for ways to deceive people. For example, If someone tricks you into giving them your OHIO password, they can use it to steal money from you. A LOT of money. Here's how it works:
First, a criminal sends you a phishing email with a link to a fake OHIO login page. If you enter your password on that page, the criminal steals your password, logs into My OHIO Student Center, drops all of your classes, and changes your account settings to send the resulting tuition refund to a bank account they control. Sometimes they'll also log into your email account to delete any confirmation messages that would clue you into what is going on.
Without multi-factor authentication, your personal information could be at risk. With multi-factor authentication, your personal information would be protected. The system would send a verification request to your phone when the criminal tried to login to your account. You'd see that notification and be able to deny the login request.