[U]Tech Completes Phishing Simulation

As announced last fall, Case Western Reserve University launched a new program to help employees avoid falling victim to phishing emails.

Phishing is a global problem that grows more challenging as criminals invent new forms of deception. Real phishing emails can be simple or complicated, and try to trick you in many ways. They often try to steal your login information, download a virus to your computer, take you to fake websites to log in or buy something, ask you to change business billing information, or ask you to buy gift cards for someone impersonating a colleague or friend. ;Learn more about phishing.

Groups of faculty and staff members are receiving unannounced, simulated phishing emails throughout the year. If they click the link in a phishing exercise email, they will be shown an educational awareness page letting them know it was part of the simulation exercise, what to do if they receive a real phishing email, more information about types of phishing emails, and what to watch out for in the future.

The latest phishing simulation email was sent out this week. Whether you opened it or not, view the warning signs it had:

  1. The subject line references a CEO, and the body mentions “Kathryn McGee – CEO.” CWRU’s organization chart does not have a chief executive officer, much less one by that name. The message was trying to trick you by invoking an authority that does not exist in our organization.
  2. The sender’s email address (identifying itself as administrator (<drive-shares-noreply@edoctransfer.com>) was not a case.edu email address and the message was flagged by Gmail as an External message.
  3. The body of the email had no real details or context and included a link but no attachment. Additionally, if you hovered over the link, it didn’t go to where it said it would; it went to “http://s.edoctransfer.com/107519/a67780/7a29e133-6e2e-43cf-a9d1-6d01f0c7f145/?” instead of a “docs.google.com” address.
  4. If you clicked on the link, it took you to a fake login page with no Google Docs “look and feel” to it. The web browser flagged it as an unsecure connection and there was no Single-Sign-On or CWRU branding meaning it wasn’t a case.edu login page.

There are three risky steps in any malicious email interaction:

  1. Opening the email (low-medium risk)
    1. Opening the email can auto-run malicious code, like spyware or a virus infection, or load offensive materials.
  2. Clicking a link or opening an attachment (medium-high risk)
    1. Clicking a link or opening an attachment can download or run malicious code, take the user to a website that runs spyware or presents offensive materials, or steal data from the user’s computer or device.
  3. Entering your login ID and a password (high risk)
    1. Entering your CaseID and password on non-CWRU sites can allow someone else to log in to our systems as you and access, change or steal your information, including changing your direct deposit information, seeing your benefits and reading your emails. If you also use that password somewhere else, they can potentially log in there as well (e.g. your bank, TV streaming service or medical provider).

If you fall for a phishing email, contact the Service Desk at 216.368.HELP (4357) or report it to phishing@case.edu, change your CWRU password as soon as possible and run a full virus scan on your computer.

For assistance with any technology product or service at Case Western Reserve University, contact the University Technology Service Desk at help@case.edu, 216.368.HELP (4357) or visit help.case.edu.