An email containing a phishing scam sent from what appeared to be an associate professor’s email address went out to various Ohio University students Friday.
The email’s subject line read “Notification (Outstanding Payment)” and the sender's email matched Cheryl Howe, an associate professor in the College of Health Sciences and Professions. The email contained an OU logo, a brief message informing the recipient they had an “outstanding payment” and a link.
The Office of Information Technology has taken measures to reduce risk to those who received the email, Sean O'Malley, OIT communications director, said.
“The university sees a constant stream of phishing messages around the clock,” O’Malley said in an email. “Phishing attacks like these are not unique to OHIO. They are a broad problem that everyone on the internet faces.”
Howe could not be reached for a comment.
When trying to identify an email phishing scam, looking at the “from” address is not always much help, O'Malley said. Scammers are good at faking where a message came from, but it is easy to tell if a link does not lead to a legitimate site, he said.
“Scammers also try to hide where their links point, but if you mouse over (without clicking) a link, after a few moments a box will pop up displaying the actual destination,” O’Malley said in an email.
The destination of the link in Friday’s email led to lightswitchtimer.co.uk, which is not an OU website, O'Malley said.
“The best thing you can do if you receive an unsolicited message that asks you to click a link or log into an official-looking web page is to forward that message as an attachment to firstname.lastname@example.org and then delete the message without clicking the link,” O’Malley said in an email.
For someone who logs into a phishing scam’s link, the best thing to do is change your password. If you are unable to change your password, contact the IT Service Desk at 740-593-1222.