The university is launching a new program to help employees avoid falling victim to phishing emails. Groups of faculty and staff members will receive unannounced, simulated phishing emails beginning in September.
Real phishing emails can be simple or complicated, and try to trick you in many ways. They often try to steal your login information, download a virus to your computer, take you to fake websites to log in or buy something, ask you to change business billing information, or ask you to buy gift cards for someone impersonating a colleague or friend. Learn more about phishing tactics.
If a faculty or staff member clicks the link in a phishing exercise email, they will be shown an educational awareness page letting them know it was part of the simulation exercise, what to do if they receive a real phishing email, more information about types of phishing emails, and what to watch out for in the future.
If you have questions or concerns about this new program, contact Mark Herron, university chief information security officer, at firstname.lastname@example.org or 216.368.6959, or Lisa Palazzo, university chief compliance and privacy officer, at email@example.com or 216.368.5791.
In the meantime, improve your cybersecurity habits by watching out for these signs that an email may be a phishing email:
It wasn’t expected (“out of the blue”)
You’ve never heard of the sender or company before
It’s asking you for money, financial information, or to buy something
It has a sense of urgency to it (“act now,” “hurry,” “limited time,” or “or else”)
It may have multiple misspellings or odd grammar
It just seems “too good to be true”
What to do if you receive a phishing email:
Do not open it; just delete it.
If you opened it in webmail, use the Google three-dot menu to “Report phishing.”