Skip to main content

BEEn There, Done That: Stories from the Community

Have you ever thought to yourself, "I'd never fall victim to a scam"? The truth is, scams are always evolving and becoming more complex. And that makes us all potential victims.

Continue reading to find out how Yale's own Chief Information Security Officer, Jeremy Rosenberg, fell victim to a sophisticated phishing attack.

 

Shopping mall

On a crowded day at the mall, Jeremy was waiting for his wife and daughter as they finished shopping. Excited by the recent purchase of a new iPhone, he took the opportunity to enjoy his new device.

Without warning, someone raced by and snatched the phone from Jeremy's hand. Seconds later the thief was out of sight leaving him shaken and alarmed.

He immediately used his wife's phone to remotely lock the stolen device and enable the "Find My iPhone" function. Unfortunately, the thief had thought ahead and powered down the device to prevent it from being located.

Jeremy went on to get a replacement phone and have his phone number transferred to the new device. He then continued on with life - albeit shaken and holding his phone with an iron grip.

Smartphone email icon

Fast forward a week or two and Jeremy is carrying about a typical, busy work day. Shortly after lunch, he received a text message. "Find my iPhone" had located his stolen device and he could log in to see its location.

With only a few moments between meetings, Jeremy tapped the link and followed the prompts to sign in. He entered his credentials and stepped through the multifactor authentication process. But instead of leading to his account, the login process redirected him to the Apple homepage.

Jeremy immediately realized he'd fallen victim to a phishing scam. The text message was a phishing attack meant to trick him into handing over his account credentials. In less than a minute, Jeremy had logged in and changed his password. But the criminals (or their computer-aided hacking tools) had already logged in to his account and released the device.

Jeremy's story reinforces the fact that any one of us can fall victim to a scam. In fact, in this story, the scammers used a common tactic - using our emotions against us. They prey on and often create a sense of urgency hoping we'll slip up.

 

Jeremy's advice: "Stop, take a beat, and think about what you're doing. You have a way better chance of staying a step ahead."

Have you ever fallen victim to a scam? We want to hear about it!

Sharing our stories helps us all learn how to be more cybersafe.

Submit your story