As announced last fall, Case Western Reserve University launched a new program to help employees avoid falling victim to phishing emails. The program will continue during the 2023–24 academic year.
Phishing is a global problem that grows more challenging as criminals invent new forms of deception. Real phishing emails can be simple or complicated, and try to trick you in many ways. They often try to steal your login information, download a virus to your computer, take you to fake websites to log in or buy something, ask you to change business billing information, or ask you to buy gift cards for someone by impersonating a supervisor, colleague or friend. Learn more about phishing.
Groups of faculty and staff members are receiving unannounced, simulated phishing emails throughout the year. If they click the link in a phishing exercise email or submit their CWRU login credentials, they will be shown an educational awareness page letting them know it was part of the simulation exercise, what to do if they receive a real phishing email, more information about types of phishing emails, and what to watch out for in the future. As further educational materials are developed, they may also be provided with brief, computer-based training modules or classes.
Note there are three risky steps in any malicious email interaction:
- Opening the email (low to medium risk)
- Opening the email can auto-run malicious code, like spyware or a virus infection, or load offensive materials.
- Clicking a link or opening an attachment (medium to high risk)
- Clicking a link or opening an attachment can download or run malicious code, take the user to a website that runs spyware or presents offensive materials, or steal data from the user’s computer or device.
- Entering your login ID and a password (high risk)
- Entering your CWRU ID and password on non-CWRU sites can allow someone else to log in to our systems as you and access, change or steal your information, including changing your direct deposit information, seeing your benefits and reading your emails. If you also use that password somewhere else, they can potentially log in there as well (e.g. your bank, TV streaming service or medical provider). Additional security awareness training materials may be assigned to those who provide their CWRU ID and a password to the simulation.
If you fall for a phishing email, contact the University Technology Service Desk at 216.368.HELP (4357) or report it to email@example.com, change your CWRU password as soon as possible and run a full virus scan on your computer.