
Overview

Phishing is a type of cybercrime in which fake emails, text messages, or social media posts/messages are used to lure individuals into providing sensitive information. Cyber criminals pose as legitimate senders and trick you into clicking on a malicious file or link. This then opens doors for them to steal your passwords, sensitive data, credit card details, and ultimately even your identity.

The OCISO advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or carefully crafted social engineering campaigns.


Phishing accounts for around 90% of data breaches.


96% of phishing attacks take place through email.


In the second quarter of 2022, the Anti-Phishing Working Group observed 1,097,811 total phishing attacks, a new record.


15 billion spam emails make their way across the internet every day.

Security Tactics
 

Phishing email red flags

Here are a few quick steps you can take to avoid falling for phishing attacks:

  • Are there any typos, special characters, or excessive numbers in the sender's address? If so, be extra cautious of a scam and look for other tell-tale phishing signs.
  • Is the email subject line designed to provoke fear or pique curiosity? Phishing emails often revolve around rewarding a "won prize" or threatening the recipient. The hacker wants to excite or scare the recipient into taking action by clicking the given links.
  • Is the salutation vague? Salutations such as "Dear client" or "Hello customer" are clear signs of scams. A real company contacting a customer with a legitimate email would address them by their first name.
  • Are there spelling or grammatical errors in the body? Phishing emails often include grammatical and spelling errors.
  • Consider the context and timing surrounding the content. Hackers often send phishing emails asking for relief donations in the wake of natural disasters, preying on your empathy so that you click the link and "support."

Resources

Additional Support

The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please refer to the following instructions for your email client:


Microsoft Outlook for Windows 

Microsoft Outlook for Mac

Gmail 

Verify the Sender.

Check the sender’s e-mail address or hover your mouse over the name to reveal the email address to make sure it’s legitimate. If it appears that your institution’s help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” then it’s a phishing message. If you don’t recognize the sender, be suspicious.
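The sender and salutation checks from the red-flag list and from "Verify the Sender" can also be run automatically over a raw message, for example in a triage script. The sketch below is an added example, not part of the original page or any UCLA tooling; the trusted domain `example.edu`, the word lists, the flag names, and the two sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: placeholder institutional domain and word lists.
TRUSTED_DOMAINS = {"example.edu"}
ROLE_WORDS = re.compile(r"help\s*desk|it support|university|security office", re.I)
VAGUE_SALUTATION = re.compile(r"^(dear|hello|hi)\s+(client|customer|user)\b", re.I | re.M)

# Constructed sample messages (not real mail).
PHISH = (
    'From: "IT Help Desk" <UniversityHelpDesk@yahoo.com>\n'
    "Subject: Mailbox quota exceeded\n"
    "\n"
    "Dear customer,\n"
    "Click the link to increase your mailbox quota.\n"
)
LEGIT = (
    'From: "Registrar" <registrar@example.edu>\n'
    "Subject: Enrollment dates\n"
    "\n"
    "Hello Jordan,\n"
    "Enrollment opens next week.\n"
)


def red_flags(raw_message):
    """Return the names of the red flags found in one raw email message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    flags = []
    # Sender claims an institutional role but writes from an outside domain.
    if ROLE_WORDS.search(display + " " + local) and domain.lower() not in TRUSTED_DOMAINS:
        flags.append("role_claim_outside_domain")
    # Excessive numbers or non-ASCII look-alike characters in the address.
    if sum(c.isdigit() for c in local) >= 4 or not addr.isascii():
        flags.append("odd_sender_address")
    # Generic greeting instead of the recipient's name (plain-text bodies only).
    body = msg.get_payload() if not msg.is_multipart() else ""
    if VAGUE_SALUTATION.search(body):
        flags.append("vague_salutation")
    return flags


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, red_flags(raw))
```

A message with no flags is not proof of legitimacy; these checks only surface the obvious cases, and a flagged message should still be reported for review.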

Obvious Misspellings and Grammatical Errors.

If the message contains obvious typos, bad or incorrect grammar, or odd word choices, beware.

Don’t Open Links and Attachments From Unknown Senders. 

Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.

When You’re Unsure, Call to Verify. 

If you receive an e-mail claiming to be from someone you know (a friend, a colleague, or even the president of your college or university) requesting that you perform an action such as transferring funds or providing sensitive information, call the number listed in the Campus Directory (not the number in the email) to verify the legitimacy of the request.

Don’t Talk to Strangers!

If you receive a call from a stranger asking you to provide information or making odd requests, hang up the phone and report it to the help desk. You should also block any unwanted emails.

Change your password immediately.

If you have reset questions and answers, change them.

Report the phishing email to your local IT Administrator and to the Information Security Office (security@ucla.edu).

If you are not sure that you have been phished, but believe an email might be malicious, you can still report it to the Information Security Office to investigate by sending an email to security@ucla.edu.

Campus IT Security will be providing relevant information and recommendations during the current Covid-19 crisis so that users have the information they need to operate their work and home devices securely.

During the Covid-19 crisis, the industry, and educational institutions in particular, have become targets of numerous cyber-attacks. Phishing attempts exploiting users’ curiosity for new and up-to-date information have been on the rise.

Go to COVID-19 Scams Page