by Shawn Sines

OSU's e-mail system and its users recently became a more interesting target for a number of Internet criminals. The timing of the mail upgrade and the changes affecting the central mail server combined to make the perfect situation for miscreants to exploit. Many e-mails supposedly sent by "the OSU Webmail team" asked users to send personal information including login and password information as a result of the "webmail upgrade".

This was a fake message created to lull trusting OSU students and employees into exposing their personal accounts. The criminals then used the exposed accounts to send millions of spam e-mails to recipients all over the Internet and this act resulted in a significant number of services reporting our users for spam violations.

Students, faculty and staff that receive requests for account information and passwords along with demographic details should not respond to these messages. Please be aware that Ohio State University will NEVER ask for your account information by e-mail. Messages requesting this information should be forwarded to abuse@osu.edu to enable the Office of the CIO Security Group and OSU e-mail administrators to take action to prevent further attempts from these e-mail accounts.

Users who mistakenly revealed information in response to one of these requests should immediately notify security@osu.edu and contact 8help at 688-HELP to change their OSU webmail password.