The bad news...
it’s not just email anymore. Bad actors are everywhere. They are finding new ways to get you to reveal personal or sensitive information.
The good news...
The Yale Information Security Office (ISO) has your back with easy-to-follow tips to help you outsmart the smartest crooks.
Our Cybersecurity Awareness Program introduces simple, repeatable actions to keep your data out of harm’s way.
This month we’re introducing our Click with Caution toolkit! Want to avoid clicking on malicious links? We invite you to learn about phishing and how to stay safe at home and at work.
Let's Click with Caution and keep our Yale data and systems safe. Happy reading, learning and doing!
Have a suspicious email to report?
Call the Help Desk at 203-432-9000 or visit helpme.yale.edu.
Ready, Set, Grow!
Use this toolkit to learn how to Click with Caution and enter to win cybersecurity awareness swag!
Have you ever gotten a suspicious email, text, or call? These are all examples of social engineering!
Social engineering is using deception to manipulate people into sharing confidential or personal information that might be used for fraudulent purposes.
We know you've heard of phishing. You know, those fake emails asking you to click a link. Well, there’s a lot more to it than just email!
- There’s also vishing (voice-phishing). Ever get a call from the IRS? Beware of phony phone calls or voice messages trying to steal your personal information.
- Smishing (text message phishing) is also a thing. Did you REALLY win a $500 Amazon gift card? That’s probably a fake text or SMS message.
- Spear-phishing (targeted messages) can be any of these types of phishes. Spear-phishes, though, are modified to specifically address the individual.
Master these phishy terms with our Word Search!
A cyber attack occurs every 39 seconds.
This means cyber attackers are working around the clock. They will attempt to steal your personal information any way they can, anywhere you are.
Go Straight to the Source
Did you receive an unexpected email from a friend or family member? Does it show any of the signs in the FUDGE (Fear, Urgency, Desire to Please, Greed, or Emotions) model? Instead of responding, call the friend or family member and talk to them directly.
Did your boss or department head ask you to buy gift cards via email? Did they ask you for money right away? Does the request seem odd? Urgent? Before you do anything, make sure it is really them. Do not reply to the email you received. Call them to verify their request is real before falling for a potential phish.
Be Safe, Not Sorry!
If you’re not sure, don’t respond. Instead, go straight to the source. Does it meet all the criteria of the FUDGE model? If yes, mark it as JUNK or SPAM in your personal email client.
Call the Help Desk at 203-432-9000. They are trained to help us identify phishing messages and mitigate them as soon as possible. You can also report the phish. See Click with Caution for more details.
Hover to Discover
Hover over the email address to verify the sender is who they say they are. Bad actors may appear to be a familiar company or an @yale.edu email address.
Inaccurate or misspelled email addresses offer a clue that something is wrong. For example, firstname.lastname@example.org.
Fact or Fudge?
Can you tell the difference between a real and a fake message, email, or link? Test your phish detection skills with our phishing detective quiz and be entered to win cybersecurity awareness swag!
Use the "FUDGE" Model
We receive A LOT of email. Know when to tell the real stuff from the fake stuff using our FUDGE model. Phishing messages often show one or more of the following signs:
- Fear—the message is trying to scare you into giving information or taking an action.
- Urgency—the message is saying you must take immediate action, “or else”.
- Desire to Please—the message appears to come from someone you want to please, like a boss or executive. It makes you feel like you are doing the “right” thing, even though it doesn’t seem normal.
- Greed—the message is saying you are the winner of something you want. If it seems too good to be true, it probably is.
- Emotions—the message is playing on your emotions. Trust your gut. If you feel something is off, don’t take action, click the link, or open the attachment.
Become a Cyber Sleuth
Complete our phishing detection activity to become a true cyber sleuth!
Download the Click with Caution Zoom background
Here's a simple way to remember to Click with Caution. Download our background and start using it when you're meeting with others. It's a great way to keep it top of mind.
Here are some easy things you can do:
- Email your colleagues a link to the Click with Caution toolkit.
- Encourage them to get involved.
- Share with those in your department at a team meeting. Make it fun by talking about what you learned through the Click with Caution toolkit.
- Encourage everyone in your office to download the Click with Caution Zoom background.
- Download the Click with Caution poster and display it in your workspace.