Skip to main content
header option 1

Click with Caution Toolkit

Trust your gut. Don't click on unexpected or unfamiliar links.

Click with Caution Icon

The bad news...

it’s not just email anymore. Bad actors are everywhere. They are finding new ways to get you to reveal personal or sensitive information.

The good news...

The Yale Information Security Office (ISO) has your back with easy-to-follow tips to help you outsmart the smartest crooks.

Our Cybersecurity Awareness Program introduces simple, repeatable actions to keep your data out of harm’s way.

This month we’re introducing our Click with Caution toolkit! Want to avoid clicking on malicious links? We invite you to learn about phishing and how to stay safe at home and at work.

Let's Click with Caution and keep our Yale data and systems safe. Happy reading, learning and doing!

Have a suspicious email to report?

Call the Help Desk at 203-432-9000 or visit

Use this toolkit to learn how to Click with Caution and enter to win cybersecurity awareness swag!

cyber awareness quiz

Are you an expert at social engineering?

What do you already know about phishing and clicking with caution? Take our Buzzfeed style quiz to find out! Get a high score and you might even win some cybersecurity awareness swag!

Take the quiz and find out
phishing smishing vishing

Phishing, vishing, smishing, oh my!

There are so many ways cyber criminals try to steal our information. What does it all mean? Learn some new terminology to steer clear of the bad guys.

Learn these phishy terms
locks and cyber attacks

A cyber attack occurs every 39 seconds.

This means cyber attackers are working around the clock. They will attempt to steal your personal information any way they can. Here is what you can do at home or at work.

What you can do
spyglass cyber sleuth how to

How to become a cyber sleuth

We receive A LOT of email. Know when to tell the real stuff from the fake stuff using our FUDGE model. Complete our phishing detection activity to become a true cyber sleuth!

Complete phishing detection activity
zoom click

Helpful resources at your fingertips

Download and use our Click with Caution resources to test your knowledge and show your cybersecurity awareness support.

Check out our Click with Caution resources now!
get the word out

Ways to spread the word!

Love cybersecurity awareness? Eager to help get your colleagues in the know? We invite you to spread the word.

Spread the word
what do I know

Find out what you know (or DON'T know) about phishing

Are YOU a cyber awareness whiz? Take the quiz and and find out!

Take the Quiz  

Keep Click with Caution in Mind - it doesn't just happen at work!

Phishing Phrases

Have you ever gotten a suspicious e-mail, text, call? These are all examples of social engineering!

Social engineering is using deception to manipulate people into sharing confidential or personal information that might be used for fraudulent purposes.

We know you've heard of phishing. You know, those fake emails asking you to click a link. Well, there’s a lot more to it than just email!

  • There’s also vishing (voice-phishing). Ever get a call from the IRS? Be aware for phony phone calls or voice messages trying to steal your personal information.
  • Smishing (text message phishing) is also a thing. Did you REALLY win a $500 Amazon gift card? That’s probably a fake text or SMS message.
  • Spear-phishing (targeted messages) can be any of these types of phishes. Spear-phishes though are modified to specifically address the individual.

Master these phishy terms with our Word Search!

Word Search 

This means cyber attackers are working around the clock. They will attempt to steal your personal information any way they can, anywhere you are.

Go Straight to the Source

At home

Did you receive an unexpected email from a friend or family member? Does it meet any of the FUDGE (Fear, Urgency, Desire to Please, Greed, or Emotions) Model? Instead of responding, call the friend/family member and talk to them directly.

At Yale

Did your boss or department head ask you to buy gift cards via email? Did they ask you for money right away? Does the request seem odd? Urgent? Before you do anything, make sure it is really them. Do not reply to the email you received. Call them to verify their request is real before falling for a potential phish. 

Be Safe, Not Sorry!

At home

If you’re not sure, don’t respond. Instead, go straight to the source. Does it meet all the criteria of the FUDGE model? If yes, mark it as JUNK or SPAM in your personal email client.

At Yale

Call the Help Desk at 203-432-9000. They are trained to help us identify phishing messages and mitigate them as soon as possible. You can also report the phish. See Click with Caution for more details.

Hover to Discover

At home

Hover over the email address to verify the sender is who they say they are. Bad actors may appear to be a familiar company or an email address.

At Yale

Inaccurate or misspelled email addresses offer a clue that something is wrong. For example,

Phishing is the #1 threat involved in 36% of data breaches.

Fact or Fudge?

Can you tell the difference between a real and fake message, email, link? Test your phish detection skills with our phishing detective quiz and be entered to win cybersecurity awareness swag!

pic 2 fudge

Use the "FUDGE" Model

We receive A LOT of email. Know when to tell the real stuff from the fake stuff using our FUDGE model. Phishing messages often show one or more of the following signs:


fudge logo social

Fear—the message is trying to scare you into giving information or taking an action.

Urgency—the message is saying you must take immediate action, “or else”.

Desire to Please—the message appears to come from someone you want to please, like a boss or executive. It makes you feel like you are doing the “right” thing, even though it doesn’t seem normal.

Greed—the message is saying you are the winner of something you want. If it seems too good to be true, it probably is.

Emotions—the message is playing at your emotions. Trust your gut. If you feel something is off, don’t take action, click the link, or open the attachment.

More than 60% of social engineering attacks involve malware infections.

Become a Cyber Sleuth

Complete our phishing detection activity to become a true cyber sleuth!

Take Phishing Detective Quiz 

In 85% of social engineering breaches, stolen credentials are the result.

Ace our Click with Caution cyber-safe activities!


If you haven't already done so, complete the following to test your know-how.

How much do you know?      Phishing detective quiz 


team zoom click

Download the Click with Caution Zoom background

Here's a simple way to remember to Click with Caution. Download our background and start using it when you're meeting with others. A great way to keep it top of mind. 

Download the background

Click with Caution Poster

Download our Click with Caution poster and put it up in your workplace (at home or in the office) to remind everyone in your area to Click with Caution!

Download the Poster
It takes all of us!

Ways to spread the word

Do you have friends or colleagues that would benefit from cybersecurity awareness knowledge?  Don’t be shy, please spread the word!


spread word ppl 1

Here are some easy things you can do: