Report, don’t respond to unexpected urgent emails - Cybersecurity tips
July 12, 2023
As technology changes, so do the ways cybercriminals stage their attacks. Be aware of the new ways cybercriminals use social engineering to trick you into providing access to your account.
Yale is seeing an uptick in attempted social engineering phishing attacks. These attacks consist of emails urging you to take quick action. This includes, but is not limited to:
- An urgent email that appears to come from Yale IT. It threatens to cut off your email access if you don’t respond or login via a link.
- A job offer via email that requests personal information to move forward.
They aim to create an urgency and fear to pressure you to act quickly, without thinking.
We are all overwhelmed with email. It can happen to any of us. To avoid falling victim, use these tips to steer clear of their threats.
- Report, don’t respond: Don’t respond to unexpected, urgent emails. A threatening email may compel you to act quickly out of fear. Instead, reach out for help. Report the suspected phishing e-mail using the ‘report a phish’ button available in Outlook. Learn more about how to report phish in Outlook and EliApps.
- Don’t enter your NetID and password via unexpected links or webpages. Remember, Yale will never ask for your username and password. Trust your gut and don’t supply the requested details. Instead, report any email asking for this information.
- Don’t approve unknown DUO MFA prompts. If you receive an MFA prompt that you did not initiate, do not approve it. Hit the red “deny” button. When the application screen asks you if this is a suspicious login, hit “yes”. This will alert the security team to investigate further.
Remember our Bee SAFE, Not Sorry campaign about reporting suspicious behavior? Phishing attacks are something you want to report right away. It is better to be safe and report a legitimate email, rather than respond and fall victim to a social engineering attack.
Learn more
Keeping your and Yale’s data safe is critical. Visit the many resources we have on reporting incidents and social engineering. This includes our:
- Report an Incident webpage to report any suspicious cyber behavior.
- Click with Caution webpage for how to spot these phishing attacks.
- Recognize and Avoid Social Engineering news article in the Summer edition of the Bee Cyber Fit newsletter.
Find this tip helpful? Please forward to a colleague to up their cyber IQ too!