With the advent of tax season, we’re seeing an increase in the number of phishing emails received, and urge caution when clicking on links contained in emails or responding to requests for account information such as usernames, passwords, and credit card details.
- Do not open any attachments or click on any links in emails unless you were expecting to receive them–particularly about financial matters. When in doubt, double check with the department sending the email.
- Read carefully!
- Be on the lookout for a new scam where the scammers disguise their email and make it appear as though the email is being sent from an executive of the organization. They frequently request that an HR or payroll employee send a list of all employees and their Form W-2s and thereby gain access to this sensitive information about employees. It is easy for a scammer to make an email appear like it is from a person you know—always use caution.
- Phishing websites often look exactly like official OSU login pages. If you did happen to click on a link in an email, do not enter your account info into that site.
- Use the “hover” technique to see where a link goes. Hold your cursor over a link but don’t click. (On mobile devices, touch the link and hold it.) The address where that link is really going will show on your screen. Inspect that address carefully. Be wary of URL shortening services such as tinyurl.com and bitly.com.
We would encourage anyone receiving a phishing message to report it. This will help us try to block or disable the phish.
To submit a phish, send the email as an attachment to phishing@oregonstate.edu.
