Report, don’t respond to unexpected urgent emails - Cybersecurity tips
July 12, 2023
As technology changes, so do the ways cybercriminals stage their attacks. Be aware of the new ways cybercriminals use social engineering to trick you into providing access to your account.
Yale is seeing an uptick in attempted social engineering phishing attacks. These attacks consist of emails urging you to take quick action. This includes, but is not limited to:
- An urgent email that appears to come from Yale IT. It threatens to cut off your email access if you don’t respond or login via a link.
- A job offer via email that requests personal information to move forward.
They aim to create an urgency and fear to pressure you to act quickly, without thinking.
We are all overwhelmed with email. It can happen to any of us. To avoid falling victim, use these tips to steer clear of their threats.
- Report, don’t respond: Don’t respond to unexpected, urgent emails. A threatening email may compel you to act quickly out of fear. Instead, reach out for help. Report the suspected phishing e-mail using the ‘report a phish’ button available in Outlook. Learn more about how to report phish in Outlook and EliApps.
- Don’t enter your NetID and password via unexpected links or webpages. Remember, Yale will never ask for your username and password. Trust your gut and don’t supply the requested details. Instead, report any email asking for this information.
- Don’t approve unknown DUO MFA prompts. If you receive an MFA prompt that you did not initiate, do not approve it. Hit the red “deny” button. When the application screen asks you if this is a suspicious login, hit “yes”. This will alert the security team to investigate further.
Remember our Bee SAFE, Not Sorry campaign about reporting suspicious behavior? Phishing attacks are something you want to report right away. It is better to be safe and report a legitimate email, rather than respond and fall victim to a social engineering attack.
Keeping your and Yale’s data safe is critical. Visit the many resources we have on reporting incidents and social engineering. This includes our:
Find this tip helpful? Please forward to a colleague to up their cyber IQ too!