Did the [U]Tech's Information Security Office hook you with its most recent simulated phishing email? It was sent to full-time faculty and staff from "mgmt" on Nov. 15, and had the subject "Employee Salary NOV’23."
If you look closely at the message, you can see several indicators that this message is not legitimate.
Here’s what the email looked like – notice the yellow "External" tag, which should alert you to be careful, along with the non-CWRU sender address of "mgmt@my.webshar.es":
The subject line—"Employee Salary NOV’23"—should trigger suspicion: salary increases are typically processed in the summer. The body of the email mentioned the "upcoming" wage increases for personnel. This is an example of how phishing attacks prey on the recipients’ sense of responsibility, and create false urgency by implying you will lose access to something important if you do not act.
If you clicked the link in the email and then submitted your CWRU login credentials on the generic login page (which lacked any CWRU branding and didn’t use the university’s Single-Sign On interface), it took you to an educational awareness page with valuable tips on what to do if you receive a real phishing email. It also contained information about types of phishing emails, and what to watch out for in the future.
If you were hooked and provided your real CWRU credentials, not to worry. In this instance, your information was not stored or harvested by attackers. If you realize you’ve been hooked by a real phish, you should change your CWRU passphrase as soon as possible, to something radically different.
You can reset or change your passphrase from the Single-Sign On page using the link there to reset or change your passphrase.
For more security awareness information, and to view our gallery of phishing examples, visit https://security.case.edu.