Skip to main content

Message from the CISO: Be mindful to avoid phishing attacks

  • Announcements
Click with Caution Icon

Dear members of the Yale Community,

In April, I wrote to you about the important responsibilities we all have to report suspicious cyber activity. Today, I want to underscore the importance of recognizing and reporting suspicious emails you may receive.

Recently, Yale has seen an uptick in phishing emails. These messages are designed to trick the Yale community into clicking on links or attachments. We continue to see campaigns where people unintentionally share their NetID, password, and other sensitive information.

Here’s what we are doing to try and reduce the number of compromised accounts:

  • Upgrading DUO, Yale’s Multifactor Authentication (MFA) tool. This will introduce an updated look and provide new opportunities to make accounts harder to phish.
  • Investing in new tools to detect and prevent phishing messages before they reach your inbox.
  • Updating with timely information to help you recognize the latest phishing tactics.

Here are simple steps you can take to help:

  • Recognize urgent, unexpected emails. Any email that seems out of the norm could be malicious.
  • Report these messages instead of responding. It is better to be safe than sorry.

Lastly, I invite you to strengthen your cyber muscles during our campaign, Click with Caution: Recognize, Relax, Rethink:

  • Complete the self-paced puzzle and register for upcoming awareness events.
  • Hear me speak about why we are seeing increased phishing attacks and their impact on Yale on Wednesday, September 13.
  • Register for the September 21 panel discussion, Anatomy of a Phish. Learn how many different variables come together to trick us - and what you can do about it.

The Click with Caution campaign will help you identify phishing messages, pause to consider if they are suspicious, and determine what action you should take.

Thank you for your ongoing commitment to doing your part in protecting Yale's data and systems.



Jeremy Rosenberg
Chief Information Security Officer

Report suspicious activity right away to the Information Security Office.

Don’t be worried about blame or embarrassment. For urgent matters call 203-627-4665. For all other security matters, please email us at

Sign up for alerts about cybersecurity awareness events and information.