The bad news...
it’s not just email anymore. Bad actors are everywhere. They are finding new ways to get you to reveal personal or sensitive information.
The good news...
The Yale Information Security Office (ISO) has your back with easy-to-follow tips to help you outsmart the smartest crooks.
Our Cybersecurity Awareness Program introduces simple, repeatable actions to keep your data out of harm’s way.
This month we’re introducing our Click with Caution toolkit! Want to avoid clicking on malicious links? We invite you to learn about phishing and how to stay safe at home and at work.
Let's Click with Caution and keep our Yale data and systems safe. Happy reading, learning and doing!
Have a suspicious email to report?
Call the Help Desk at 203-432-9000 or visit helpme.yale.edu.
Ready, Set, Grow!
Use this toolkit to learn how to Click with Caution and enter to win cybersecurity awareness swag!
Are you an expert at social engineering?
What do you already know about phishing and clicking with caution? Take our Buzzfeed style quiz to find out! Get a high score and you might even win some cybersecurity awareness swag!
Phishing, vishing, smishing, oh my!
There are so many ways cyber criminals try to steal our information. What does it all mean? Learn some new terminology to steer clear of the bad guys.
A cyber attack occurs every 39 seconds.
This means cyber attackers are working around the clock. They will attempt to steal your personal information any way they can. Here is what you can do at home or at work.
How to become a cyber sleuth
We receive A LOT of email. Know when to tell the real stuff from the fake stuff using our FUDGE model. Complete our phishing detection activity to become a true cyber sleuth!
Helpful resources at your fingertips
Download and use our Click with Caution resources to test your knowledge and show your cybersecurity awareness support.
Find out what you know (or DON'T know) about phishing
Are YOU a cyber awareness whiz? Take the quiz and and find out!
Phishing Phrases
Have you ever gotten a suspicious e-mail, text, call? These are all examples of social engineering!
Social engineering is using deception to manipulate people into sharing confidential or personal information that might be used for fraudulent purposes.
We know you've heard of phishing. You know, those fake emails asking you to click a link. Well, there’s a lot more to it than just email!
- There’s also vishing (voice-phishing). Ever get a call from the IRS? Be aware for phony phone calls or voice messages trying to steal your personal information.
- Smishing (text message phishing) is also a thing. Did you REALLY win a $500 Amazon gift card? That’s probably a fake text or SMS message.
- Spear-phishing (targeted messages) can be any of these types of phishes. Spear-phishes though are modified to specifically address the individual.
Master these phishy terms with our Word Search!
A cyber attack occurs every 39 seconds.
This means cyber attackers are working around the clock. They will attempt to steal your personal information any way they can, anywhere you are.
Go Straight to the Source
At home
Did you receive an unexpected email from a friend or family member? Does it meet any of the FUDGE (Fear, Urgency, Desire to Please, Greed, or Emotions) Model? Instead of responding, call the friend/family member and talk to them directly.
At Yale
Did your boss or department head ask you to buy gift cards via email? Did they ask you for money right away? Does the request seem odd? Urgent? Before you do anything, make sure it is really them. Do not reply to the email you received. Call them to verify their request is real before falling for a potential phish.
Be Safe, Not Sorry!
At home
If you’re not sure, don’t respond. Instead, go straight to the source. Does it meet all the criteria of the FUDGE model? If yes, mark it as JUNK or SPAM in your personal email client.
At Yale
Call the Help Desk at 203-432-9000. They are trained to help us identify phishing messages and mitigate them as soon as possible. You can also report the phish. See Click with Caution for more details.
Hover to Discover
At home
Hover over the email address to verify the sender is who they say they are. Bad actors may appear to be a familiar company or an @yale.edu email address.
At Yale
Inaccurate or misspelled email addresses offer a clue that something is wrong. For example, handsome.dan@gmail.com.
Fact or Fudge?
Can you tell the difference between a real and fake message, email, link? Test your phish detection skills with our phishing detective quiz and be entered to win cybersecurity awareness swag!
Use the "FUDGE" Model
We receive A LOT of email. Know when to tell the real stuff from the fake stuff using our FUDGE model. Phishing messages often show one or more of the following signs:
Fear—the message is trying to scare you into giving information or taking an action.
Urgency—the message is saying you must take immediate action, “or else”.
Desire to Please—the message appears to come from someone you want to please, like a boss or executive. It makes you feel like you are doing the “right” thing, even though it doesn’t seem normal.
Greed—the message is saying you are the winner of something you want. If it seems too good to be true, it probably is.
Emotions—the message is playing at your emotions. Trust your gut. If you feel something is off, don’t take action, click the link, or open the attachment.
Become a Cyber Sleuth
Complete our phishing detection activity to become a true cyber sleuth!
Ace our Click with Caution cyber-safe activities!
Activities
If you haven't already done so, complete the following to test your know-how.
How much do you know? Phishing detective quiz
Download the Click with Caution Zoom background
Here's a simple way to remember to Click with Caution. Download our background and start using it when you're meeting with others. A great way to keep it top of mind.
Click with Caution Poster
Download our Click with Caution poster and put it up in your workplace (at home or in the office) to remind everyone in your area to Click with Caution!
Here are some easy things you can do:
- Email your colleagues a link to the Click with Caution toolkit.
- Encourage them to get involved.
- Share with those in your department at a team meeting. Make it fun by talking about what you learned through the Click with Caution toolkit.
- Encourage everyone in your office to download the Click with Caution Zoom background.
- Download the Click with Caution poster and display it in your workspace.