Be Alert: Increase in Phishing Messages

May 25, 2022

On May, 25, 2022, Yale's Information Security Office sent a message about a substantial increase in phishing activity across the university. Please see their email below and be alert!

To: Yale Community

Summary

  • We are noticing a substantial increase in phishing activity across the University.
  • Please do not click on links from unexpected or suspicious messages. The Yale ITS Help Desk will never ask for your password nor initiate contact with you via text message.
  • It's better to be safe than sorry. Some bad actors are so good that it's hard to tell an authentic message from a fake. When in doubt, don't click the link - go straight to the source. Click with caution by following the tips below to confirm a message is legitimate.

Details

We are sending you this notification because the Information Security Office has seen an increase in phishing attempts via email and text messages. These messages can sometimes appear to come from members of the Yale community.
 
Here are a few helpful reminders about phishing messages:
  1. Be Cautious. Do not click on unexpected or unfamiliar links. This is true for emails and text messages, even if they appear to come from someone you know or address you directly.
  2. Go straight to the source. When you receive an unexpected email, don't take action right away. Instead, find ways to contact that person, office, or service directly. This could include visiting the online site the way you normally would or initiating a phone call to the person/office directly. Do not follow links or phone numbers included in the message itself.
  3. Be safe, not sorry. The Yale ITS Help Desk will never contact you via SMS text message. Report suspicious messages using one of our options:
    • Click on Report Message on the Outlook email banner and choose “phishing”(O365 users only).
    • Send full message headers to helpdesk@yale.edu (EliApps, O365).
    • Call the Help Desk at 203-432-9000, so the message can be quickly blocked.

Bad actors may use urgency or pressure to prompt a response. Please exercise caution with these emails, and when in doubt, call the Help Desk to share the message. For more information on phishing, visit our Click with Caution webpage.

Thank you,

Yale Information Security Office