Phishing: It happens, even in libraries

When the folks I work with at OPLIN suggested this topic, my first reaction was “Isn’t that too basic for MeanLaura to be covering?”  All of my colleagues assured me, sadly, that it wasn’t.  And then I, too, was sad.

You’ve almost certainly heard the word “phishing” before.  Chances are you even know what it is: it’s a form of Internet fraud, where someone pretends to be from a legitimate organization or business and attempts to gain confidential information, such as credit cards or passwords, from you.

It’s not a new practice, yet even librarians here in Ohio are apparently susceptible.  There have been recent phishing attempts to gain access to OPLIN webmail.  These are typically emails sent to individual library staff, claiming to be from OPLIN.  In the emails, the sender asks for items such as passwords and even date of birth, and the request is sometimes accompanied by threats of immediate deactivation of the email account for non-compliance.

Below are two real examples of phishing emails that OPLIN has been made aware of:


This is to complete your account verification process of the
past year for the maintenance of your Webmail account. You
are required to respond to this message and enter your ID
and PASSWORD space (*******). You should do so before the
next 48 hours of receipt of this email, or your account will
be deactivated and deleted from our database.

Full Name:
Webmail User ID:
Webmail Password:
Confirm Password:
Date Of Birth:

Your account can also be

©2008-2010 Ohio Public Library Information Network.


automatically by the computer. If you are receiving this message it means
that your email address has been queued for deactivation; this was as a
result of a continuous error script (code:505)receiving from this email
address. Click here <>  and fill out the required field to
resolve this problem
Note: Failure to reset your email by ignoring this message or inputting
wrong information will result to instant deactivation of this email

What does this mean to me, Laura?

  • OPLIN will NEVER send an email asking for your password.  NEVER EVER.
  • If OPLIN does contact you, we will identify ourselves.  All of us have email signatures with our identifying information.  Some of us have long signatures!
  • There are only 5 of us at OPLIN.  So an email is generally either from one of us, or from (this does not include listserv emails, which are a different beastie).
  • If a police officer shows up at your home, you have the right to keep him/her waiting outside while you call your local police department and verify if they actually sent someone.  Email is the same way.  Feel free to contact OPLIN directly to verify if we sent an email before clicking anything or responding.