As technology changes, so do the ways cybercriminals stage their attacks. Be aware of the new ways cybercriminals use social engineering to trick you into providing access to your account.
Yale is seeing an uptick in attempted social engineering phishing attacks. These attacks consist of emails urging you to take quick action, including, but not limited to:
- An urgent email appearing to come from Yale IT and threatening to cut off your email access if you don’t respond or log in via a link
- A job offer via email that requests personal information to move forward
These emails aim to create urgency and fear to pressure you into acting quickly, without thinking.
We are all overwhelmed with email. It can happen to any of us. To avoid falling victim, use these tips to steer clear of their threats.
- Report, don’t respond: Don’t respond to unexpected, urgent emails. A threatening email may compel you to act quickly out of fear. Instead, reach out for help. Report the suspected phishing email using Outlook’s ‘report a phish’ option. Learn more about how to report phish in Outlook and EliApps.
- Don’t enter your NetID and password via unexpected links or web pages. Remember, Yale will never ask for your username and password. Trust your gut, and don’t supply the requested details. Instead, report any email asking for this information.
- Don’t approve unknown DUO MFA prompts. If you receive an MFA prompt that you did not initiate, do not approve it. Hit the red “deny” button. When the application screen asks if this is a suspicious login, select “Yes” to alert the security team to investigate further.
Remember our Bee SAFE, Not Sorry campaign about reporting suspicious behavior? Phishing attacks are something you want to report right away. It is better to be safe and report a legitimate email rather than respond and fall victim to a social engineering attack.
Ready to learn more?
Keeping your data and Yale’s data safe is critical. Visit the many resources we have on reporting incidents and social engineering. These include our:
- Report an Incident web page to report any suspicious cyber behavior.
- Click with Caution web page for how to spot these phishing attacks.
- Recognize and Avoid Social Engineering news article in the Summer edition of the Bee Cyber Fit newsletter.