Have you ever gotten a suspicious email, call, or message? Did you know what to do?
Cybercriminals go “phishing” to trick us into revealing sensitive information. Phishing uses social engineering to manipulate our behaviors and emotions for fraudulent purposes. The goal is to trick us into sharing our account credentials and other sensitive data.
We’re sharing simple steps that encourage mindful behavior and cyber safety:
- Recognize red flags indicating suspicious messages
- Relax before reacting and take a moment to breathe and pause
- Rethink the way you respond
Taking the extra step to be mindful and not respond to suspicious messages goes a long way toward keeping your data and Yale's data safe!
Recognize
Be alert and know what to look for.
Phishing messages often contain red flags. If we know what to look for, we can recognize and avoid suspicious messages. Know how to tell the real stuff from the fake stuff using our FUDGE model of common phishing tactics.
Think outside your inbox. Phishing isn’t just email anymore – bad actors try to fool us over phone calls, text messages, websites, social media, and more.
Relax
Pause and be mindful before responding to messages.
Cybercriminals know we're more likely to fall for a scam when we're busy or urged into quick action. Pausing to consider the validity of a request helps us avoid falling for scams. Pausing also helps prevent quick responses that might be against our better judgment.
Ask yourself these questions before reacting to an unusual request:
- Am I sure this request is coming from the person I think it is?
- Is this request unusual, suspicious, or outside the norm?
- Would I rather confirm with the source, or take a chance and risk losing access to my work and exposing Yale data or resources?
Rethink
Consider how we react when responding to digital requests.
What do you do if you’re going out and expecting rain? Do you check with your trusted weatherperson? Are you cautious and pack an umbrella or raincoat? Or do you throw caution to the wind and hope for the best? Whatever the case, you likely consider the best course of action.
Most often it's the communication methods we know and trust that cybercriminals target. They'll even impersonate people we know!
Sometimes responding isn’t the best answer. Think about going directly to the source, reaching out to the Yale Help Desk, or reporting to the Information Security Office.
Use these helpful tips to supercharge your sleuthing skills:
- Don’t open suspicious or unexpected links or attachments.
- Only put your credentials into familiar websites.
- Go straight to the source when in doubt.
- Trust your gut if something seems suspicious.
Report suspicious cyber activity right away, including suspicious emails!
Feeling hesitant, embarrassed, or unsure? Even if it winds up being nothing, it's better to be safe, not sorry. Go with your gut if something seems unusual or suspicious.
You can also check out our Bee SAFE, Not Sorry model for recognizing, reporting, and responding to cybersecurity incidents.