“Hacker steals teacher’s direct deposit paycheck: University says too bad so sad.”
The above headline is from an actual event that took place at Western Michigan University and has been duplicated at other institutions such as the University of Kansas and Boston University.
Over the past few years, The Ohio State University has seen phishing (the activity of defrauding an online account holder of financial information by posing as a legitimate entity) and identity theft crimes increase in the Higher Education sector. At universities which were hit first, some employees who have been taken in by phishing emails have had their pay checks rerouted away from their banks to accounts controlled by cybercriminals. Word spread quickly among Higher Education security experts, and by being aware and knowing what to look for, we have so far been able to prevent similar results at Ohio State.
The BuckeyePass system is one of many steps taken to assist in securing your information.
Beginning September 12, 2016, BuckeyePass will be protecting all our employees personal data found in Employee Self Service. Among other things, Employee Self Service allows you to update your personal data including the bank routing information for the direct deposit of your pay. CFAES Leadership recommends that you register for BuckeyePass before September 12, 2016 to ensure you are able to access your HR information without disruption. If you have not done so by the time BuckeyePass goes live on September 12, 2016, you will not be able to access your information in Employee Self Service until you complete the registration process.
Please refer to OSU’s BuckeyePass Knowledge Base for detailed instructions on how to register for BuckeyePass. If you have any questions during the process of registering for BuckeyePass, please contact the CFAES IT Help Desk or 8HELP.
As mentioned in the headline noted above, the successful phishing attempt resulted in a financial loss for the individual who responded to the phishing attack. If you receive an email which doesn’t look right or you have doubt as to its legitimacy, please contact CFAES’ Information Security Officer (Rob Clifford, clifford.158). Do not respond to or click on any links within the email. You may also forward the suspicious email to report-phish@osu.edu. As a reminder, Ohio State will never call or email you asking for your password or any other credential. Do not provide this information if requested.
Matt DeVore
Chief Information Officer, CFAES
The Ohio State University
College of Food, Agricultural, and Environmental Sciences Information Technology Services