We want to hear from you! Take the survey.
How do you use It’s Your Yale? How can it be improved? Answer for a chance to win Yale swag.
Cybersecurity awareness updates: July 2023
July 13, 2023
Wordle, anyone? Uncover the Cyber Bee’s name!
Earlier this year, we asked for your help naming the Bee Cyber Fit bee. Solve our Wordle challenge to uncover the full name! _______, the Cyber Bee!
Be sure to submit your entry at the end of the puzzle for a chance to win one of our exclusive prize packs.
Report, don’t respond to unexpected urgent emails
As technology changes, so do the ways cybercriminals stage their attacks. Be aware of the new ways cybercriminals use social engineering to trick you into providing access to your account.
Yale is seeing an uptick in attempted social engineering phishing attacks. These attacks consist of emails urging you to take quick action. This includes, but is not limited to:
- An urgent email that appears to come from Yale IT. It threatens to cut off your email access if you don’t respond or login via a link.
- A job offer via email that requests personal information to move forward.
They aim to create an urgency and fear to pressure you to act quickly, without thinking.
We are all overwhelmed with email. It can happen to any of us. To avoid falling victim, use these tips to steer clear of their threats.
- Report, don’t respond: Don’t respond to unexpected, urgent emails. A threatening email may compel you to act quickly out of fear. Instead, reach out for help. Report the suspected phishing e-mail using the ‘report a phish’ button available in Outlook. Learn more about how to report phish in Outlook and EliApps.
- Don’t enter your NetID and password via unexpected links or webpages. Remember, Yale will never ask for your username and password. Trust your gut and don’t supply the requested details. Instead, report any email asking for this information.
- Don’t approve unknown DUO MFA prompts. If you receive an MFA prompt that you did not initiate, do not approve it. Hit the red “deny” button. When the application screen asks you if this is a suspicious login, hit “yes”. This will alert the security team to investigate further.
Remember our Bee SAFE, Not Sorry campaign about reporting suspicious behavior? Phishing attacks are something you want to report right away. It is better to be safe and report a legitimate email, rather than respond and fall victim to a social engineering attack.
Ready to learn more?
Visit our Report an Incident webpage for more best practices. In addition, read our article, Recognize and Avoid Social Engineering in the Summer edition of the Bee Cyber Fit newsletter. These are simple steps to build your cyber muscles.