We have received multiple reports of an ongoing phishing scam targeting both employee and students at OSU. An example of this most recent message is below (with all malicious links removed).

Please remember that OSU will never contact you from a non-university email address or ask for your for your personal information. If you ever receive an email that you feel may not be authentic do not reply to the message or click on any embedded hyperlinks until you have verified it’s authenticity via telephone or a separate email.

From: OSU <nahmad@trinity.unimelb.edu.au>
Date: March 9, 2015 at 9:21:32 AM PDT
To: undisclosed-recipients:;
Subject: Faculty/Staff/Student

Faculty/Staff/Student ;

With the strengthening off our security system and improving your mailing experience, We have detected your mail settings are out of date.to enhance computer system security and comply with federal audit requirements, ITS now requires all faculty, staff, and students to Complete this procedure, kindly Click ITS to update your account to the latest Outlook Web Apps 2015, login to the Exchange outlook access and automatically update your mailbox by filling out the requirements correctly.

___________________
Sincerely,
ITS Service Desk

Originally posted by OSU Government Affairs Weekly Summary

Dr. Bruce McPheron, Dean of Ohio State’s College of Food, Agricultural and Environmental Sciences (CFAES), attended the APLU Council for Agricultural Research, Extension, and Teaching (CARET) conference in Washington this week. Joining Dr. McPheron at the conference were Dave Benfield, OARDC Associate Director, Gwen Wolford, Director of CFAES Government Affairs, as well as volunteer delegates Bob Boggs, Susan Crowell, and Nate Andre. CARET is a national grassroots organization that advocates for greater national support and understanding of the land-grant university system’s food and agricultural research, extension, and teaching programs that enhance the quality of life for all people. While in Washington, members of the group also had meetings scheduled with Representatives Bob Latta, Marcy Kaptur, and Bob Gibbs and staff from the offices of Representatives Marcia Fudge, Joyce Beatty, Steve Chabot, Tim Ryan, Pat Tiberi, Dave Joyce, Jim Renacci, Steve Stivers, Mike Turner, Jim Jordan, Bill Johnson, Brad Wenstrup, and Speaker John Boehner, as well as Senators Rob Portman and Sherrod Brown.

We are receiving reports from REN-ISAC (Research & Education Networking Information Sharing and Analysis Center) concerning a resurgence of phishing attacks aimed to cause fraudulent wire transfers of funds. In most of the reports, the message appeared to come from the university president, by name, to a vice president, by name, asking for “help [to] process an outgoing wire transfer”. One report involved the combination of CEO and CFO. Attacks are occurring today and extend back at least two weeks (one outlier as far back as November).

Please ensure your department executives, and anyone with authority to conduct wire transfers, are aware of these phishing emails.

REN-ISAC also recommends:

WE STRONGLY RECOMMEND THAT all online banking operations should be conducted on special-use computers that are used SOLELY for banking transactions. No other use of the machine should be permitted – no e-mail, no web browsing, no general-purpose business use – nothing but institutional online banking transactions.
And

Never rely solely on received e-mail for instructions to conduct financial or other sensitive transactions. Always conduct an out-of-band (OOB) verification, e.g. via phone call. If you are the source of such instructions, take the initiative to conduct OOB verification with your recipients, and train them to that kind of expectation.

As always, report any suspicious activity to security@osu.eduProte