Phish Bowl/Phishing Scams

The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully-crafted social engineering campaigns.

These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers.  They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.

How to Report a Phishing Scam

The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:

  1. Provide a full copy of the email by "saving" the email within your email client.
    • For Microsoft Outlook users, this can be accomplished by hitting File > Save As after opening the email.
  2. Compose a new email with the previously-saved phishing message added as an attachment.
  3. Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.

It is important to be aware of fraudulent phishing schemes. Check back here for known phishing attacks.

 
DatePhishing AlertDescription
7/19/17Mail TeamPhishing email asing user to log in to verify unrecognized device
6/30/17Mastercard BillingPhishing email saying personal Mastercard will be billed
6/28/17UCLA Part Time Job OfferPhishing email offering part-time job at UCLA
6/27/17Work Application ApprovedPhishing email saying your work application is approved and offering a position
6/23/17Attention BeneficiaryPhishing email saying name is on an overdue payment schedule database
6/23/17Regarding availability of Research Projects in your Esteemed InstitutionPhishing email from Harsha Vardhan Reddy interested in research projects
6/23/17Tesco Credit AccountPhishing email asking for Tesco credit card login information
6/23/17Your Account Has Developed an ErrorPhishing email claiming a UCLA database error is about to shut down a user account
6/20/17Dear ApplicantPhishing email about a position at corestaff Services
6/13/17Service for Laboratory InstrumentsPhishing email about a study being conducted regarding laboratory equipment
6/8/17Please readPhishing email saying mailbox has exceeded its quota/limit
6/7/17You've got ONE DAY to read thisPhishing email prompting the reader to open a shared documents supposedly from Dropbox
6/7/17Unbalanced PaymentPhishing email claiming that a pending payment did not resolve due to errors
6/7/17Attention NeededPhishing email claiming that a payment did not resolve due to server errors
6/6/17Payroll Schedule MessagePhishing email saying the 2017 payroll calendar is now available
6/6/171 New Important MessagePhishing email saying there's an important message from the school faculty
6/5/17Inquiry from NigeriaPhishing email claiming to be a Nigerian government member offering millions of dollars for unspecified work
6/5/17UCLA Students Part Time JobPhishing email offering part time job to UCLA students
6/5/17Payment Held BackPhishing email claiming a recent payment transfer has been put on hold
5/27/17Unrecognized Sign-inPhishing email saying user has to pass second sign-in verification
5/25/17

RE: Microsoft Outlook Email Update

Phishing email saying all staff and students are expected to migrate to new 2017 Microsoft Web Outlook portal
5/23/17Account ( WELCOME xxx)Phishing email saying information needs to be udated within 24 hours
5/15/17RE: Action Required, Staff OnlyPhishing email saying staff is required to migrate to the new office365
5/12/17Cornell University SoftballPhishing email from someone with Cornell softball with a link to a confidential file
5/11/17Invoice #886557-69344Phishing email saying a file is attached to the email
5/10/17UCLA Office 365 Verification!Phishing email prompting user to sign in to Office 365 to verify their myUCLA account
5/10/17MyUCLA Access Verification!Phishing email prompting user to sign in to verify their myUCLA account
5/8/17Do Not Ignore this DocumentPhishing email asking user to sign an important document to open it
5/8/17Library AccountPhishing email asking user to click link to re-activate UCLA Library account
5/4/17You've Got An Urgent Security Alert.Phishing email saying user needs to re-activate debit card to avoid it from being blocked
5/3/17xxx has shared a document on Google Docs with youPhishing email saying someone has shared a document with the user
4/19/17Student Health CenterPhishing email prompting the user to review a secure message from the student health center
4/17/17LibraryPhishing email informing recipient about library account expiring soon
4/4/17Part Time Personal Assistant JobPhishing email saying a job is available
4/4/17IT Help DeskPhishing email saying to update account or email will be blocked
3/29/17Confirm EmailPhishing email warning of too large inbox
3/13/17Final NoticePhishing email claiming educational mailbox has been compromised
3/9/17UPS issue #6333505: unable to delivery parcelPhishing email claiming that parcel has not been delivered
3/7/17RE: To AllPhishing email with a link to "login" to access various features available to staff and students
3/1/17Important Notice.Phishing email with a link to a "blackboard" log sheet
3/1/17PA Selected CandidatePhishing email offering students a job as a personal assistant for $600/week
2/22/17On-Campus Job RecruitingPhishing email seeking individuals for a job opportunity
2/22/17Fund Not ReceivedPhishing email telling user that they were supposed to have received a $27M fund
2/22/17Error in 2017 W-2 FormPhishing email claiming that user may have been short paid by the IRS
2/22/17Urgent! Mail account errorPhishing email from fake UCLA Database Admin seeking user's personal information
2/22/17Parking TicketPhishing email from "Police Department" asking the user to download a malicious "parking ticket"
2/22/17Update Your Account NowPhishing email from an osu. edu address asking UC members to update their email information
2/22/17Account UpdatePhishing email from an ITS impersonator claiming to upgrade the user's Microsoft Outlook account
2/21/17Wire for Invoice #11222Phishing email from an unaffiliated email asking user to review invoice document
2/17/17Take account:Urgent Payroll UpdatePhishing email from AYSO asking user to update account
2/8/17Campus Security NotoficationPhishing email instructing to follow a protocol due to a security concern 
2/6/17What a nice surprise)Phishing email from Rozumalski Elizabeth
1/24/17Unusual activity detected on your UCLAPhishing email claiming that an update must be done due to unusual activity on the user's account
1/19/17Urgent IssuePhishing email claiming to be a UCLA Admin upgrading the recipient's UCLA mailbox
1/17/17Re: IT Service Holp DeskPhishing email detailing an Outlook update
12/21/16Product Order RequestPhishing email inquiring about product prices with infected link
12/7/16PayPal Account UpdatePhishing email from "PayPal" saying account has been updated
12/6/16Attached Scan Image from MX2310UPhishing email from a "departmental address" with an attached scanned image
12/5/16Parcel Not DeliveredPhishing email claiming that an ordered parcel was not delivered and asking the user to open a file to print a label
12/5/16Mailbox UpgradePhishing email claiming to upgrade mailbox size
12/5/16Parcel Shipped EmailPhishing email claiming to confirm that a parcel has been shipped
12/5/16UConnection DiscountPhishing email offering discounts and free food in Westwood
11/28/16Outlook Web App for StaffPhishing email about "Outlook Web App for staff"
11/25/16Email Validation UCLA Central Authentication ServicePhishing email from "UCLA Central Authentication Service" asking for credentials
11/21/16Email Validation from Pamela BerryPhishing email from "Pamela Berry" alerting users of scheduled maintenance and the need to validate their accounts
11/9/16Malware Attachment from Augustine MccormickPhishing email from "Augustine Mccormick" alerting users he had to block their account and to open the attachment for instructions
10/21/16Amazon ServicePhishing email from "Amazon Service" regarding a refund
10/11/16Account Management Password ResetPhishing email targeting UCLA staff to change their account management password
10/11/16Wire to ProcessPhishing email saying that a payment by wire is needed
10/4/16Wire PaymentPhishing email saying that a payment by wire is needed
9/20/16Transaction RequestPhishing email saying that a transaction needed to be completed
9/9/16UCLA Help DeskPhishing email from "UCLA Helpdesk" indicating the need to verify an account
6/20/16Student PaymentsPhishing email saying there's a balance due on a bill
8/9/16Password ReminderPhishing email indicating that password needs to be reset
6/20/16Student PaymentsPhishing email saying there's a balance due on a bill
6/18/16"Bruin Alert" EmailPhishing email from "Bruin Alert" for staff and students to log in and confirm credentials
5/19/16You Have a MessagePhishing email saying to click on a link to see a message
4/15/16Password ExpirationPhishing email sent from "Robert Misage" about a password that needs to be reset
4/13/16UCLA TFT User ActivationPhishing email saying a TFT account has been created and the user needs to activate it
3/9/16Upgrading Mailbox QuotaPhishing email sent from "Larry Johnston" about needing to update mailbox quota asap
2/22/16Tesco BankPhishing email alerting of online banking changes