Did the [U]Tech's Information Security Office hook you with its most recent simulated phishing email? It was sent to full-time faculty and staff from "mgmt" on Nov. 15, and had the subject "Employee Salary NOV鈥�23."
If you look closely at the message, you can see several indicators that this message is not legitimate.
Here鈥檚 what the email looked like 鈥� notice the yellow "External" tag, which should alert you to be careful, along with the non-CWRU sender address of "[email protected]":
![Screenshot of the phishing email. Subject: Employee Salary NOV鈥23. The word 鈥淓xternal鈥 is highlighted in yellow, indicating that Google has added a tag to the email to mark it as sent from outside the case.edu domain. The message header information reads 鈥渕gmt <mgmt@my.webshar.es> to me.
Case Western Reserve University
Dear Employee,
As already announced, The year鈥檚 Wage increase will start in November of 2023 and will be paid out for the first time in December, with recalculation as of November.
View [link:salary_increase_sheet_November-2023.xls]
You will be informed of the details in advance by letter from the personnel department.
Regards
Case Western Reserve University Management](https://thedaily.case.edu/wp-content/uploads/2023/11/phishing2.png)
The subject line鈥�"Employee Salary NOV鈥�23"鈥攕hould trigger suspicion: salary increases are typically processed in the summer. The body of the email mentioned the "upcoming" wage increases for personnel. This is an example of how phishing attacks prey on the recipients鈥� sense of responsibility, and create false urgency by implying you will lose access to something important if you do not act.
If you clicked the link in the email and then submitted your CWRU login credentials on the generic login page (which lacked any CWRU branding and didn鈥檛 use the university鈥檚 Single-Sign On interface), it took you to an educational awareness page with valuable tips on what to do if you receive a real phishing email. It also contained information about types of phishing emails, and what to watch out for in the future.
![Two screenshots, side-by-side, that capture the visual presentation of the login page and password prompt. On the first screenshot, there is a colorful, Google-esque circle logo, and below it the text reads 鈥淪ign in with your one account鈥. There is a text-entry box labeled 鈥淓mail鈥 followed by a link reading 鈥淔orgot email?鈥 The next line reads 鈥淣ot your computer? Use Guest mode to sign in privately. [Link: Learn More]
[Link: Create account]
[Button: Next]
The second screen shot has the same colorful circle logo, and reads 鈥淪ign in鈥. The email address entered at the last screen, in this case 鈥渘otreal@here.com鈥, is presented on the next line, followed by a text-entry box labeled 鈥淓nter your password.鈥 There is a checkbox option to 鈥淪how password鈥.
[Link: 鈥淔orgot my password鈥漖
[Button: Sign In]](https://thedaily.case.edu/wp-content/uploads/2023/11/phishing34-1024x352.jpg)
If you were hooked and provided your real CWRU credentials, not to worry. In this instance, your information was not stored or harvested by attackers. If you realize you鈥檝e been hooked by a real phish, you should change your CWRU passphrase as soon as possible, to something radically different.
You can reset or change your passphrase from the Single-Sign On page using the link there to reset or change your passphrase.
![This is a screenshot of the CWRU Single Sign-On screen, with a circle and an arrow over the right-hand column of links to the pages for our self-service operations such as resetting your passphrase or contacting the Service Desk. The screen has two columns. The left-hand side reads: [Logo: Case Western Reserve University] [Text: Single Sign-On]
CWRU ID: example 鈥 abc123
[Text input box for username]
Passphrase:
[Text input box for passphrase]
[Link: Forgot your passphrase?]
The right-hand column reads:
QUICK LINKS
[Link: Activate CWRU Network ID]
[Link: Reset your passphrase]
[Link: Change your passphrase]
[Link: Service Desk]
[Link:UTech Home Page]
[Button: Login]](https://thedaily.case.edu/wp-content/uploads/2023/11/phishing5.png)
For more security awareness information, and to view our gallery of phishing examples, visit .