Tax Time Brings Latest Catmail Scam

Posted on:

< < Back to

The latest email scam directed at Ohio University students and faculty has the Office of Information Technology scrambling again to keep its clients safe.   The fraudulent messages to Catmail users include the subject “Important Warning! Please Read” and asks recipients to update their ohio.edu accounts by submitting their passwords.

Fortunately, it is not a university-wide scam, and only a select number of individuals received the emails. OIT and Bobcat Depot are aware of the problem. Their main concerns are repairing affected accounts and preventing future scams.

“It’s really hard to track down who does this and it’s really common,” Sean O’Malley, Communications Manager for OIT said. “We see these things every day of the year – we catch most of them, but now and then the filters let some through.”

When that happens, O’Malley said he reminds people to be suspicious, and ‘when in doubt, throw it out.’

This type of scam is known as phishing. Someone places bait in front of a target, and individuals fall victim when they bite. The scammer creates a legitimate-looking, but fake, website that collects information such as passwords. In this case, Catmail is used as a facade.

O’Malley sees an increase in these schemes around tax season with scammers trying to obtain as much personal information as possible. He says it’s important to protect Ohio University email accounts.

“The main thing to worry about is if you have that password reused, which you shouldn’t do,” he said. “Your Ohio password should be unique for here so that people can’t get access to other accounts.”

Many students ignore emails from unfamiliar sources, but O’Malley says known scam-emails should be forwarded to security@ohio.edu for examination.

While these scams have the potential to cause serious damage, workers at the Bobcat Depot say email accounts can be fixed by resetting passwords, or deleting users and creating new profiles.

O’Malley says the best tip is to remember the University will never ask for your password in an email. If an email tells you to verify or upgrade your account, or login to confirm your personal information, it’s a scam.