The university is launching a new program to help employees avoid falling victim to phishing emails. Groups of faculty and staff members will receive unannounced, simulated phishing emails beginning in September.
Real phishing emails can be simple or complicated, and try to trick you in many ways. They often try to steal your login information, download a virus to your computer, take you to fake websites to log in or buy something, ask you to change business billing information, or ask you to buy gift cards for someone impersonating a colleague or friend. Learn more about phishing tactics.
If a faculty or staff member clicks the link in a phishing exercise email, they will be shown an educational awareness page letting them know it was part of the simulation exercise, what to do if they receive a real phishing email, more information about types of phishing emails, and what to watch out for in the future.
If you have questions or concerns about this new program, contact Mark Herron, university chief information security officer, at email@example.com or 216.368.6959 or Lisa Palazzo, university chief compliance and privacy officer, at firstname.lastname@example.org or 216.368.5791.
In the meantime, improve your cybersecurity habits by watching out for these signs that an email may be a phishing email:
- It wasn’t expected (“out of the blue”)
- You’ve never heard of the sender or company before
- It’s asking you for money, financial information, or to buy something
- It has a sense of urgency to it (“act now,” “hurry,” “limited time,” or “or else”)
- It may have multiple misspellings, or odd grammar
- It just seems “too good to be true”
What to do if you receive a phishing email:
- Do not open it, just delete it.
- If you opened it in webmail, use the Google three-dot menu to “Report phishing”
- You may also forward it to email@example.com
What to do if you opened the phishing email and clicked something:
- Report it immediately by contacting the [U]Tech Service Desk at firstname.lastname@example.org, calling 216.368.HELP (4357) or visiting help.case.edu
Visit security.case.edu for definitions, examples, alerts, instructions and more on what to do about phishing. View direct anti-phishing advice.