
March Cybersecurity Awareness Tip: You can’t always trust what you see



Did you know that both new cyber tactics and old tricks are being used against us? Boost your cyber know-how to guard against deepfakes and fake login screens.

With technology changing at lightning speed, we all need to be aware of potential threats that can impact Yale data and systems. These threats are increasingly hard to detect.

You may know of many tricks cybercriminals use, but do you know about deepfakes?

Deepfakes use artificial intelligence (AI) to mimic another person’s appearance and voice in real-time. They create hyper-realistic, convincing simulations of people claiming to be someone they are not.

In a recent incident, a multinational firm based in Hong Kong lost $25 million when cybercriminals posed as the organization’s Chief Financial Officer and other colleagues in a Zoom meeting and tricked an employee into transferring the funds to them.

While deepfakes often target people in financial roles, it’s important to know the specific signs should you witness suspicious behavior.

How to spot deepfake attempts:

  • Unusual phone calls or videos that appear to come from trusted colleagues or senior executives and lead to a request for a financial transaction
  • Unexpected requests to make a purchase, transfer funds, or update accounts payable information
  • A sense of urgency or secrecy in the request

What to do:

If in doubt, trust your gut and take additional action to be sure:

  • Consult with others before proceeding. 
  • Verify the request by contacting the claimed requester using a separate, trusted communication channel such as email or a phone call. You should initiate the conversation via this channel.
  • Report any suspected deepfake fraud attempts to the Information Security Office.

Phishing: Fake Login Screens

Know where you are putting your credentials. A common tactic cybercriminals use is to replicate Yale login screens, including our Central Authentication System (CAS) page and email login screens. Pause to ensure the page is legitimate by checking the address bar in your browser.

What to do:

  • Double-check the URL before entering your information into a screen that looks like CAS. Cybercriminals are pros at replicating screens that look just like ours.
  • Don’t enter your NetID and password via unexpected links or web pages. Remember, Yale will never ask for your username and password. Trust your gut, and don’t supply the requested details. Instead, report any email asking for this information.

Think empowerment, not embarrassment.

It’s hard to tell what’s real and what’s not. We encourage you to seek help should something seem suspicious.

Think of the Information Security Office as your partners in helping to prevent the loss of confidential information at Yale.

 

Ready to learn more?

Keeping your and Yale’s data safe is critical. Visit the many resources we have on reporting incidents and social engineering, including our: