Protect Personal Data

We are receiving reports from REN-ISAC (Research & Education Networking Information Sharing and Analysis Center) concerning a resurgence of phishing attacks aimed to cause fraudulent wire transfers of funds. In most of the reports, the message appeared to come from the university president, by name, to a vice president, by name, asking for “help [to] process an outgoing wire transfer”. One report involved the combination of CEO and CFO. Attacks are occurring today and extend back at least two weeks (one outlier as far back as November).

Please ensure your department executives, and anyone with authority to conduct wire transfers, are aware of these phishing emails.

REN-ISAC also recommends:

WE STRONGLY RECOMMEND THAT all online banking operations should be conducted on special-use computers that are used SOLELY for banking transactions. No other use of the machine should be permitted – no e-mail, no web browsing, no general-purpose business use – nothing but institutional online banking transactions.
And

Never rely solely on received e-mail for instructions to conduct financial or other sensitive transactions. Always conduct an out-of-band (OOB) verification, e.g. via phone call. If you are the source of such instructions, take the initiative to conduct OOB verification with your recipients, and train them to that kind of expectation.

As always, report any suspicious activity to security@osu.eduProte

Leave a Reply

Your email address will not be published. Required fields are marked *