Phish Bowl/Phishing Scams
The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully-crafted social engineering campaigns.
These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.
How to Report a Phishing Scam
The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:
- Provide a full copy of the email by "saving" the email within your email client.
- For Microsoft Outlook users, this can be accomplished by hitting File > Save As after opening the email.
- Compose a new email with the previously-saved phishing message added as an attachment.
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
It is important to be aware of fraudulent phishing schemes. Check back here for known phishing attacks.
| Date | Phishing Alert | Description | |
|---|---|---|---|
| 12/14/18 | NEW-PART-TIME-WORK@NEWJOB[.]ORG HAS SHARED DIRECTORY - RADFORD UNIVERSITY | Phishing email advertising part-time work. | |
| 12/4/18 | Survey invitation to evaluate Steven Jonas | Phishing email asking users to take a survey. | |
| 11/30/18 | Re: IT Service Desk | Phishing email claiming to be from the IT Help Desk Team, asking the user to click on a link to update Outlook Web Access. | |
| 11/30/18 | 1 New Unread Email | Phishing email claiming to be from UCLA CS. | |
| 11/30/18 | SURVEY-EVALUATION-JOB@TMS.ORG | Phishing email advertising a survey evaluation job from Radford University. | |
| 11/5/18 | Billing Problem (Apple ID) | Phishing email posing as Apple asking user to click and verify information. | |
| 10/12/18 | Skype Message - Board Meeting Scheduled | Phishing email that states: "a meeting was schedule with you on skype" with link to click. | |
| 10/9/18 | Action Required: Email Account Synchronization Failed | Phishing email telling users they need to click on link to switch to a new web interface. | |
| 10/9/18 | Phishing email asking UCLA user to synchronize their mail. | ||
| 10/4/18 | Payment Successful | Phishing email posing as Apple asking users to sign in with Apple ID. | |
| 10/4/18 | ITHelp Desk | Phishing email asking users to validate account and click validation link. | |
| 10/4/18 | RE: Support Desk | Phishing email asking faculty/staff and employees to click link to update Outlook for 2018. | |
| 10/3/18 | Your Mailbox De-activation Notice | Phishing email asking users to verify their identity by clicking on a link. | |
| 10/3/18 | Email Policy Updates | Phishing email posing as Outlook Web app asking users to enter email and password. | |
| 9/20/18 | Unauthorized Failed Access | Phishing email posing as Bank of America asking user to click on link. | |
| 9/14/18 | FSA Phishing - Malicious Campaign Alert | Multiple institutions of higher education have reported that attackers are using a phishing email to obtain access to student accounts via their student portal. | |
| 9/14/18 | Google Accounts - Your Account Will Be Deactivated | Phishing email with notice: "This is to inform you that your request on: [DATE] to remove your account from gmail.com server has been approved and will initiate in one hour from the exact time you open this message." | |
| 9/12/18 | Part-time Job Opportunity (Multiple Scam Variants) | Phishing email advertising jobs for drivers willing to advertise "Australian Open" on their cars | |
| 9/11/18 | Attention UCLA User | Phishing email posing as UCLA server asking for login and password information | |
| 8/29/18 | Job Opening | Phishing email for job opening | |
| 8/22/18 | Sign Invoice | Phishing email using fake DocuSign invoice to collect user information | |
| 8/17/18 | University of California Employment Outreach | Phishing email advertising employment opportunity requesting applicant's full name, personal email, phone number and mailing address | |
| 8/13/18 | Human Resources - University of California-Los Angeles | Phishing email posing at Human Resources from UCLA for on-campus employment | |
| 7/30/18 | Fall Employment: College/University Job Opportunity | Phishing email claiming to be job offer for University faculty | |
| 7/27/18 | National Resident Matching Program | Phishing email claiming to have matched the reader with an institution | |
| 7/23/18 | Office 365 Scam (New Message from Peyton Harley) | Phishing email posing as Office 365 asking user to click link | |
| 7/18/18 | Sextortion Scam - Subject: [username] [old password] | Sextortion scam threatening to distribute your private and sensitive material if you don’t pay them in bitcoins | |
| 6/25/18 | Re: OIT - Updating / Protecting Faculty And Staff Account / Quarantine Exercise - Request Number [#000594541] | Phishing email claiming to be from UCLA OIT. | |
| 6/25/18 | ***Part/Full Time Employment Opportunity Available For Student On Holiday(New Job Offer)*** | Phishing email offering a fraudulent job | |
| 6/18/18 | Library Notifications | Phishing email claiming to be from the UCLA Library | |
| 6/11/18 | HR Job Opening | Phishing email for job opening | |
| 6/11/18 | Payment and Signup Bonus | Phishing email claiming to give user a payment and signup bonus with Stripe with prompts to click on links | |
| 6/8/18 | Your New Password Request | Phishing email claiming to be Microsoft with a new password for your Office365 | |
| 6/7/18 | Microsoft New or Modified User Account | Phishing email claiming to be Microsoft requesting verification of account | |
| 6/7/18 | Microsoft Account Security | Phishing email claiming Microsoft account security information has been updated | |
| 5/23/18 | Phishing email claiming to be a UC President & Chief Executive Officer with an "appended update" link for employees | ||
| 4/16/18 | Warning! | Phishing email prompting user to log into a link claiming to be from the UCLA Help Desk | |
| 4/16/18 | Employment Opportunity For Student Available (Part-Time Job) | Phishing email claiming to be an offer to work with a doctor | |
| 4/13/18 | Re: Admin Case ! | Phishing email asking to user to migrate to a new web version of Outlook | |
| 4/11/18 | University of California, HR | Phishing email claiming to be an offer to work with a doctor | |
| 4/11/18 | Your Office Lite Token | Phishing email prompting user to log in for an access code to Office 365Lite | |
| 4/05/18 | Re: IT Support/Help-Desk | Phishing email asking user to update Outlook/OWA | |
| 3/29/18 | Urgent: New Notification | Phishing email asking user to contact Human Resources about a paycheck issue | |
| 3/20/18 | Job Offer at Cisco [Part Time Position] | Phishing email containing a false job offer at Cisco | |
| 3/16/18 | Bill No 69469761 | Phishing email with a malicious attachment claiming to be an online payment processor | |
| 3/16/18 | RE: ADMIN CASE !! | Phishing email asking user to update Outlook Web App | |
| 3/16/18 | Complete password change request | Phishing email asking user to sign in to Office 365 to revert an unauthorized change of password | |
| 3/15/18 | Ucla security updates. | Phishing email asking user to sign in to the IT Help server to update their mailbox | |
| 3/14/18 | Purchase Order | Phishing email asking user to review a purchase order and to provide a copy of a quote | |
| 3/14/18 | Re: IT Newsletter | Phishing email mimicking a newsletter | |
| 3/14/18 | Untitled | Phishing email saying HEY with a link | |
| 3/9/18 | Ticket : Staff bulletin | Phishing email asking the recipient to log in and update payroll information | |
| 2/23/18 | RE: IT-Center ! | Phishing email saying user contacted the Helpdesk within last 7 days and to complete satisfation survey | |
| 2/15/18 | Unread Messages on Hold | Phishing email from IT Services Helpdesk to sign in to avoid cancellation | |
| 2/15/18 | UCLA Needs Your Help | Phishing email about being a paid note taker | |
| 2/15/18 | Settings Changed | Phishing email verifying a recent Windows device sign in | |
| 2/9/18 | Phishing email offering weekly pay for a simple job for Dr. Christopher C. Babbitt. | ||
| 2/9/18 | RE: ServiceDesk Request | Phishing email asking students to migrate to Outlook Web Access 2018. | |
| 1/30/18 | john colins has shared a link with you! | Phishing email about a mystery shopping job | |
| 1/26/18 | Fixed-Term (Part-Time) Faculty Positions | Phishing email to students regarding job offer | |
| 1/26/18 | Website Job Application | Phishing email looking for part-time work | |
| 1/26/18 | UCLA We Got Your Contact Through Your School | Phishing email saying CHARMMER-SUNBLET BEVERAGE CORP INC® is currently running a student empowerment programme | |
| 1/4/18 | Bad News | Phishing email saying wages will be garnished due to student loans | |
| 1/4/18 | Dr. Greenfield | Phishing email offering employment | |
| 1/1/18 | MyUCLA Portal Maintenance | Phishing email asking to confirm your account due to routine system maintenance | |
| 12/20/17 | Bruin Alert - Important Update | Phishing email asking to confirm your account due to important update | |
| 12/19/17 | Part Time Job Jobvite | Phishing email announcing job opportunity from Jobvite Agency | |
| 12/6/17 | [Info] Account Review | Phishing email asking you to verify your account with Apple. | |
| 12/4/17 | Scanned Document | Phishing email saying you have a scanned document from "Dropbox." | |
| 12/4/17 | Re: redacted | Phishing email notifying you that your Visa card will be charged soon. | |
| 11/21/17 | Payment Resolve | Phishing email saying user has a new notification regarding a payment. | |
| 11/20/17 | RE: Service Desk (Incident Report No: 0001232) | Phishing email saying user has received a migration/updgrade request. | |
| 10/24/17 | Part-Time Job Offer with Adelaide | Phishing email announcing employment opportunity with Adelaide. | |
| 10/24/17 | 2 New Messages with Subject Urgent Pending | Phishing email saying you have two new urgent messages to read. | |
| 10/5/17 | Re: Attention (Migration Warning) | Phishing email saying account will be disabled if user doesn't migrate to new Office 365. | |
| 9/20/17 | Notify | Phishing email saying mailbox is out of date and to confirm the email account | |
| 9/19/17 | Admin Position Opening | Phishing email announcing an administrative position | |
| 9/13/17 | Limited Time | Phishing email asking you to confirm your contact details | |
| 9/12/17 | Tutor | Phishing email requesting a tutor | |
| 8/24/17 | Metro Banking | Phishing email asking user to sign in for verification in order to process a refund | |
| 8/24/17 | Problems with Item Delivery | Phishing email telling you to click on an attachment and review delivery label. | |
| 8/23/17 | Unusual Login Attempt | Phishing email asking you to click on a link to verify account activity. | |
| 8/14/17 | Notification: You Have a New Message | Phishing email informing you that your account will be deleted if you do not respond. | |
| 8/14/17 | Staff Only (Urgent Task) | Phishing email telling you to migrate to the Office 365 portal. | |
| 8/14/17 | You Have Received a Wire Transfer | Phishing email saying you've received a wire transfer | |
| 8/14/17 | You Have 1 Important Doc | Phishing email saying you have an important document waiting to view on Dropbox | |
| 8/9/17 | 9.01 GB Quota Upgrade | Phishing email informing you of a 9.01 mail quota upgrade | |
| 8/7/17 | You Have a New File (from UC) | Phishing email saying you have a new file to view | |
| 8/7/17 | Office 365 New Message | Phishing email saying you have new messages to view | |
| 8/3/17 | Admin Assistant Opening in Your Area | Phishing email offering an administrative assistant position | |
| 8/1/17 | RE: Pay Invoice - 8/01/2017 | Phishing email asking for invoice and attaching an invoice | |
| 8/1/17 | 9.4 GB | Phishing email asking you to click on a link for a quota upgrade | |
| 8/1/17 | Office 365 Email Verification | Phishing email asking you to verify your Office 365 account to avoid deletion | |
| 7/28/17 | Email Alert Marketing | Phishing email asking you to confirm your password | |
| 7/28/17 | Late Payment | Phishing email saying you have a late payment from Natwest Bank | |
| 7/28/17 | Part-time Job with "Cisco" | Phishing email offering a part-time job with Cisco | |
| 7/28/17 | Problems with Item Delivery | Phishing email saying there was a problem delivering an item | |
| 7/27/17 | Re: Are You Willing | Phishing email offering a business proposal | |
| 7/26/17 | Secret Shopper Job | Phishing email offering part-time secret shopper jobs to students | |
| 7/25/17 | Your Home Address Has Been Changed | Phishing email alerting user that home address has been changed | |
| 7/25/17 | Shipment of Your Consignment | Phishing email asking you to contact a courier for payment | |
| 7/25/17 | Invoice Number | Phishing email asking you to pay an invoice | |
| 7/25/17 | "New File" Waiting | Phishing email saying there is a new message waiting for you | |
| 7/21/17 | Who's Who in Academia | Phishing email saying the recipient has been named in a "Who's Who in Academia" article | |
| 7/19/17 | Mail Team | Phishing email asking user to log in to verify unrecognized device | |
| 6/30/17 | Mastercard Billing | Phishing email saying personal Mastercard will be billed | |
| 6/28/17 | UCLA Part Time Job Offer | Phishing email offering part-time job at UCLA | |
| 6/27/17 | Work Application Approved | Phishing email saying your work application is approved and offering a position | |
| 6/23/17 | Attention Beneficiary | Phishing email saying name is on an overdue payment schedule database | |
| 6/23/17 | Regarding availability of Research Projects in your Esteemed Institution | Phishing email from Harsha Vardhan Reddy interested in research projects | |
| 6/23/17 | Tesco Credit Account | Phishing email asking for Tesco credit card login information | |
| 6/23/17 | Your Account Has Developed an Error | Phishing email claiming a UCLA database error is about to shut down a user account | |
| 6/20/17 | Dear Applicant | Phishing email about a position at corestaff Services | |
| 6/13/17 | Service for Laboratory Instruments | Phishing email about a study being conducted regarding laboratory equipment | |
| 6/8/17 | Please read | Phishing email saying mailbox has exceeded its quota/limit | |
| 6/7/17 | You've got ONE DAY to read this | Phishing email prompting the reader to open a shared documents supposedly from Dropbox | |
| 6/7/17 | Unbalanced Payment | Phishing email claiming that a pending payment did not resolve due to errors | |
| 6/7/17 | Attention Needed | Phishing email claiming that a payment did not resolve due to server errors | |
| 6/6/17 | Payroll Schedule Message | Phishing email saying the 2017 payroll calendar is now available | |
| 6/6/17 | 1 New Important Message | Phishing email saying there's an important message from the school faculty | |
| 6/5/17 | Inquiry from Nigeria | Phishing email claiming to be a Nigerian government member offering millions of dollars for unspecified work | |
| 6/5/17 | UCLA Students Part Time Job | Phishing email offering part time job to UCLA students | |
| 6/5/17 | Payment Held Back | Phishing email claiming a recent payment transfer has been put on hold | |
| 5/27/17 | Unrecognized Sign-in | Phishing email saying user has to pass second sign-in verification | |
| 5/25/17 | Phishing email saying all staff and students are expected to migrate to new 2017 Microsoft Web Outlook portal | ||
| 5/23/17 | Account ( WELCOME xxx) | Phishing email saying information needs to be udated within 24 hours | |
| 5/15/17 | RE: Action Required, Staff Only | Phishing email saying staff is required to migrate to the new office365 | |
| 5/12/17 | Cornell University Softball | Phishing email from someone with Cornell softball with a link to a confidential file | |
| 5/11/17 | Invoice #886557-69344 | Phishing email saying a file is attached to the email | |
| 5/10/17 | UCLA Office 365 Verification! | Phishing email prompting user to sign in to Office 365 to verify their myUCLA account | |
| 5/10/17 | MyUCLA Access Verification! | Phishing email prompting user to sign in to verify their myUCLA account | |
| 5/8/17 | Do Not Ignore this Document | Phishing email asking user to sign an important document to open it | |
| 5/8/17 | Library Account | Phishing email asking user to click link to re-activate UCLA Library account | |
| 5/4/17 | You've Got An Urgent Security Alert. | Phishing email saying user needs to re-activate debit card to avoid it from being blocked | |
| 5/3/17 | xxx has shared a document on Google Docs with you | Phishing email saying someone has shared a document with the user | |
| 4/19/17 | Student Health Center | Phishing email prompting the user to review a secure message from the student health center | |
| 4/17/17 | Library | Phishing email informing recipient about library account expiring soon | |
| 4/4/17 | Part Time Personal Assistant Job | Phishing email saying a job is available | |
| 4/4/17 | IT Help Desk | Phishing email saying to update account or email will be blocked | |
| 3/29/17 | Confirm Email | Phishing email warning of too large inbox | |
| 3/13/17 | Final Notice | Phishing email claiming educational mailbox has been compromised | |
| 3/9/17 | UPS issue #6333505: unable to delivery parcel | Phishing email claiming that parcel has not been delivered | |
| 3/7/17 | RE: To All | Phishing email with a link to "login" to access various features available to staff and students | |
| 3/1/17 | Important Notice. | Phishing email with a link to a "blackboard" log sheet | |
| 3/1/17 | PA Selected Candidate | Phishing email offering students a job as a personal assistant for $600/week | |
| 2/22/17 | On-Campus Job Recruiting | Phishing email seeking individuals for a job opportunity | |
| 2/22/17 | Fund Not Received | Phishing email telling user that they were supposed to have received a $27M fund | |
| 2/22/17 | Error in 2017 W-2 Form | Phishing email claiming that user may have been short paid by the IRS | |
| 2/22/17 | Urgent! Mail account error | Phishing email from fake UCLA Database Admin seeking user's personal information | |
| 2/22/17 | Parking Ticket | Phishing email from "Police Department" asking the user to download a malicious "parking ticket" | |
| 2/22/17 | Update Your Account Now | Phishing email from an osu. edu address asking UC members to update their email information | |
| 2/22/17 | Account Update | Phishing email from an ITS impersonator claiming to upgrade the user's Microsoft Outlook account | |
| 2/21/17 | Wire for Invoice #11222 | Phishing email from an unaffiliated email asking user to review invoice document | |
| 2/17/17 | Take account:Urgent Payroll Update | Phishing email from AYSO asking user to update account | |
| 2/8/17 | Campus Security Notofication | Phishing email instructing to follow a protocol due to a security concern | |
| 2/6/17 | What a nice surprise) | Phishing email from Rozumalski Elizabeth | |
| 1/24/17 | Unusual activity detected on your UCLA | Phishing email claiming that an update must be done due to unusual activity on the user's account | |
| 1/19/17 | Urgent Issue | Phishing email claiming to be a UCLA Admin upgrading the recipient's UCLA mailbox | |
| 1/17/17 | Re: IT Service Holp Desk | Phishing email detailing an Outlook update | |
| 12/21/16 | Product Order Request | Phishing email inquiring about product prices with infected link | |
| 12/7/16 | PayPal Account Update | Phishing email from "PayPal" saying account has been updated | |
| 12/6/16 | Attached Scan Image from MX2310U | Phishing email from a "departmental address" with an attached scanned image | |
| 12/5/16 | Parcel Not Delivered | Phishing email claiming that an ordered parcel was not delivered and asking the user to open a file to print a label | |
| 12/5/16 | Mailbox Upgrade | Phishing email claiming to upgrade mailbox size | |
| 12/5/16 | Parcel Shipped Email | Phishing email claiming to confirm that a parcel has been shipped | |
| 12/5/16 | UConnection Discount | Phishing email offering discounts and free food in Westwood | |
| 11/28/16 | Outlook Web App for Staff | Phishing email about "Outlook Web App for staff" | |
| 11/25/16 | Email Validation UCLA Central Authentication Service | Phishing email from "UCLA Central Authentication Service" asking for credentials | |
| 11/21/16 | Email Validation from Pamela Berry | Phishing email from "Pamela Berry" alerting users of scheduled maintenance and the need to validate their accounts | |
| 11/9/16 | Malware Attachment from Augustine Mccormick | Phishing email from "Augustine Mccormick" alerting users he had to block their account and to open the attachment for instructions | |
| 10/21/16 | Amazon Service | Phishing email from "Amazon Service" regarding a refund | |
| 10/11/16 | Account Management Password Reset | Phishing email targeting UCLA staff to change their account management password | |
| 10/11/16 | Wire to Process | Phishing email saying that a payment by wire is needed | |
| 10/4/16 | Wire Payment | Phishing email saying that a payment by wire is needed | |
| 9/20/16 | Transaction Request | Phishing email saying that a transaction needed to be completed | |
| 9/9/16 | UCLA Help Desk | Phishing email from "UCLA Helpdesk" indicating the need to verify an account | |
| 6/20/16 | Student Payments | Phishing email saying there's a balance due on a bill | |
| 8/9/16 | Password Reminder | Phishing email indicating that password needs to be reset | |
| 6/20/16 | Student Payments | Phishing email saying there's a balance due on a bill | |
| 6/18/16 | "Bruin Alert" Email | Phishing email from "Bruin Alert" for staff and students to log in and confirm credentials | |
| 5/19/16 | You Have a Message | Phishing email saying to click on a link to see a message | |
| 4/15/16 | Password Expiration | Phishing email sent from "Robert Misage" about a password that needs to be reset | |
| 4/13/16 | UCLA TFT User Activation | Phishing email saying a TFT account has been created and the user needs to activate it | |
| 3/9/16 | Upgrading Mailbox Quota | Phishing email sent from "Larry Johnston" about needing to update mailbox quota asap | |
| 2/22/16 | Tesco Bank | Phishing email alerting of online banking changes |