Over the past few months, a number of e-mails began circulating from a source claiming to be from the Ohio State webmail team or admin managers. The e-mails ask people to submit their osu.edu e-mail account information and password, sometimes along with personal information like a birth date. Some other qualities of these attacks may include a non-OSU reply-to address, poor grammar and incomplete or improper OSU branding.

These messages are not from OIT and, furthermore, OIT will never ask you for your password. These e-mails are phishing attempts and not legitimate requests. You should never reply to these e-mails and never give your password to anyone.

For more information on phishing, check out the Buckeye Secure phishing page .

Here is a typical message you might receive as part of a phishing attempt:

From: "Support@osu.edu" (Support@osu.edu)
Subject: CONFIRM YOUR EMAIL Reply-To: rosagucci11@yahoo.ie

Dear OSU Email Account Owner,

This message is from OSU messaging center to all OSU email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused OSU email account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know that it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW Email
Username : ...............
Email Password : ................
Date o Birth:.......................
Country or Territory : ..........

Warning!!!

Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using OSU!
Warning Code:VX2G99AAJ Thanks,
OSU Team OSU.EDU beta

The above message is only an example; exact wording may vary.

Once again, these messages are scams, and were NOT sent by the Office of Information Technology or anyone else within The Ohio State University. Do not reply. If you have already replied, go to our Account Management web site and change your password immediately.