Phishing | University Technology, [U]Tech | Case Western Reserve University

Need to report a Phishing attack?

Use the "Report" button in Gmail or forward any suspicious messages to security@case.edu.

Cyber criminals want your password/passphrase, your credit card numbers and other forms of personal information. To do this, they send emails that trick you into divulging your Network ID (username) and password/passphrase, as well as other forms of personal information.

This act, commonly known as phishing, is a global problem that grows more challenging as criminals invent new forms of deception. University Technology ([U]Tech) actively monitors and protects our environment, but you are the first line of defense.

Warning: Case Western Reserve University will never request confidential information through email, such as your university passphrase or Network ID. Therefore, refrain from clicking links in email messages that appear to be from Case Western Reserve University [U]Tech. Often these links correspond with websites that look familiar, but actually are fake pages designed to capture personal information.

silhouette of a man on laptop. blue in color, cyber threat icons present.

Key Indicators of a Phishing Attack

Check the Email Header

Many people fall for phishing scams because they don’t take the time to inspect email headers. If an email seems suspicious, always verify the sender! Phishing emails often appear legitimate at first glance but contain subtle inconsistencies.

For example, an email from "MicrosoftAccountSupport@gmail.com" would be a red flag—Microsoft would never use a generic Gmail address for official communications.

Check the Links

Phishing emails often contain links that seem trustworthy but actually lead to fraudulent sites. For example, the email might claim there's an issue with your Microsoft 365 account and provide a link that appears as "login.microsoftonline.com". However, when you look at the real link it is taking you to, you might find it is taking you to “123.123.123.123/micros0ft/resetpassword/". This clearly does not belong to Microsoft.

Read the Email Carefully

Phishing emails frequently use generic greetings like "Dear Valued Customer" instead of addressing you by name. As you continue reading, you may notice poor grammar or awkward phrasing—another red flag. These emails often create a sense of urgency, warning that your account will be locked or services suspended if you don’t act quickly. This tactic is designed to pressure you into clicking links or providing personal information without second-guessing.

Compare with Legitimate Emails

If you suspect an email might be a phishing attempt, compare it to a known legitimate email from the same company. Scammers often make small but noticeable mistakes in formatting, logos, or wording.

If you’re still unsure, contact the company directly using their official website or customer support number—never use contact details provided in the suspicious email. When in doubt, it’s always better to verify than to fall victim to a scam.

Phishing FAQs

What is Phishing?

Phishing is a type of cyber attack where attackers impersonate trusted sources (e.g., school officials, IT staff, or popular services) to trick users into revealing personal information, such as passwords, credit card numbers, or Social Security numbers.

How can I recognize a Phishing email?

Phishing emails often include:

Urgent or threatening language (e.g., "Your account will be locked!")
Unfamiliar or suspicious sender addresses
Unexpected attachments or links
Requests for personal or financial information
Poor grammar and spelling mistakes

What should I do if I receive a suspicious email?

Do not click on any links or download attachments.
Do not reply or provide any personal information.
Report the email to security@case.edu

What happens if I accidentally click on a Phishing link?

Do not enter any credentials.
Notify your IT department as soon as possible.
Change your password/passphrase if you suspect your credentials were compromised.
Run a security scan on your device.

How can I protect myself from Phishing attacks?

Be cautious with emails and messages that ask for sensitive information.
Verify the sender before clicking on links or opening attachments.
Enable multi-factor authentication (MFA) on your accounts.
Use strong, unique passwords/passphrases for different accounts.
Keep your software and antivirus programs updated.

Can Phishing attacks happen outside of email?

Yes! Phishing can occur via:

Phone calls (vishing) – Scammers pretending to be tech support or school staff.
Text messages (smishing) – Fake messages with malicious links.
Social media and messaging apps – Scammers impersonating friends, teachers, or school officials.

What should I do if my account gets compromised?

Change your password/passphrase immediately.
Enable multi-factor authentication (MFA), if not already enabled.
Check for unauthorized activity on your account.
Report the Incident (by utilizing the "Report an Incident" button or sending an email to the Service Desk at help@case.edu)

Where can I report Phishing emails?

You can report phishing attempts by either using the "Report" button in Gmail or forwarding the email to security@case.edu.