As part of our Office 365 Transformation Roadmap, we are implementing email improvements throughout the current academic year. Two upcoming enhancements are a new and improved landing page for logging in to email and new URL rewrite security to protect you to from malicious links in emails.

Landing Page

In addition to login access, the new page also provides information and resources about Office 365 applications. To go directly into email, click the link on the upper right corner, under the “Log in to Office 365” button that reads, “Log in to Outlook.”

After we make the update on Dec. 7, the first time you log into Outlook on your desktop or laptop computer, you may see an Autodiscover prompt as Exchange reestablishes communication with our servers.

If you see a prompt like this one, check the “Don’t ask me about this website again” checkbox and click “Allow.”


URL Rewrite

Cybercriminals often send messages and links to websites that look legitimate, even to the discerning eye. The messages may use our logos, contain valid addresses and incorporate other legitimate information. URL Rewrite is our newest addition to our toolkit for identifying messages that could infect your computer with malware or direct you to phony websites that steal your credentials.

URL Rewrite protects you by rewriting URLs in emails from external users message (for example:;!Qax5OMzm).  If the URL directs you to a malicious site, you will receive a warning message. URL Rewrite only works on incoming messages and will not affect messages that you send. For more information, visit our Knowledge Base.

If you believe a URL has been blocked unnecessarily or believe a fraudulent website has not been blocked, please contact the IT Service Desk. This feature goes into effect on Dec. 4. You don’t need to do anything to take advantage of this security feature.

Get Help

If you need assistance with email, contact the IT Service Desk for support:

Phone:            614-688-HELP (4357)

Extortion Scam: Don’t Fall for Email Threats

Some of our users have recently reported seeing a widely-used Username and Password scam that cybercriminals are using to extort money from recipients. Our email security software has been stopping these messages and sending a follow up notification that a malicious email has been contained. But cybercriminals change tactics regularly, so we wanted you to be aware in case a message gets through our defenses.

Extortion email screenshot

Why is this happening?

In most cases, cybercriminals purchase a username and password – possibly on the dark web. When contacting the target, the criminal often does not provide the current password but a previous password used in services outside Ohio State.

However, if a criminal can provide an accurate password used in the past, it is an excellent scare tactic and is often successful in acquiring money or information from a target. A legitimate password makes the threat seem legitimate.

Usually, the cybercriminal attempts to extort money in exchange for not sharing the password with others and/or uses that data to impersonate you on sites that use that password. The attached screenshot is an example.

If you receive this type of threat, do not engage with the sender. Instead:

  • Immediately change your password on any site where the exposed password was used.
  • Do not use the same password on multiple sites.
  • Find out if any of your accounts have been compromised by visiting
  • Consider using a password manager to help create and store passwords. Password managers assist in generating and retrieving unique complex passwords, potentially storing such passwords in an encrypted database or creating them on demand.

For help and information, contact the IT Service Desk by phone 614-688-HELP (4357), by email at or by logging in online at