Phish Bowl/Phishing Scams

The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully-crafted social engineering campaigns.

These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers.  They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.

How to Report a Phishing Scam

The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:

  1. Provide a full copy of the email by "saving" the email within your email client.
    • For Microsoft Outlook users, this can be accomplished by hitting File > Save As after opening the email.
  2. Compose a new email with the previously-saved phishing message added as an attachment.
  3. Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.

It is important to be aware of fraudulent phishing schemes. Check back here for known phishing attacks.

 
DatePhishing AlertDescription
10/12/18Skype Message - Board Meeting ScheduledPhishing email that states: "a meeting was schedule with you on skype" with link to click.  
10/9/18Action Required: Email Account Synchronization FailedPhishing email telling users they need to click on link to switch to a new web interface.
10/9/18Phishing email asking UCLA user to synchronize their mail.
10/4/18Payment SuccessfulPhishing email posing as Apple asking users to sign in with Apple ID.
10/4/18ITHelp DeskPhishing email asking users to validate account and click validation link.
10/4/18RE: Support DeskPhishing email asking faculty/staff and employees to click link to update Outlook for 2018.
10/3/18Your Mailbox De-activation NoticePhishing email asking users to verify their identity by clicking on a link.
10/3/18Email Policy UpdatesPhishing email posing as Outlook Web app asking users to enter email and password.
9/20/18Unauthorized Failed AccessPhishing email posing as Bank of America asking user to click on link.
9/14/18FSA Phishing - Malicious Campaign AlertMultiple institutions of higher education have reported that attackers are using a phishing email to obtain access to student accounts via their student portal.
9/14/18Google Accounts - Your Account Will Be DeactivatedPhishing email with notice: "This is to inform you that your request on: [DATE] to remove your account from gmail.com server has been approved and will initiate in one hour from the exact time you open this message."
9/12/18Part-time Job Opportunity (Multiple Scam Variants)Phishing email advertising jobs for drivers willing to advertise "Australian Open" on their cars
9/11/18Attention UCLA UserPhishing email posing as UCLA server asking for login and password information
8/29/18Job OpeningPhishing email for job opening
8/22/18Sign InvoicePhishing email using fake DocuSign invoice to collect user information
8/17/18University of California Employment OutreachPhishing email advertising employment opportunity requesting applicant's full name, personal email, phone number and mailing address
8/13/18Human Resources - University of California-Los AngelesPhishing email posing at Human Resources from UCLA for on-campus employment
7/30/18Fall Employment: College/University Job OpportunityPhishing email claiming to be job offer for University faculty
7/27/18National Resident Matching ProgramPhishing email claiming to have matched the reader with an institution
7/23/18Office 365 Scam (New Message from Peyton Harley)Phishing email posing as Office 365 asking user to click link
7/18/18Sextortion Scam - Subject: [username]  [old password]Sextortion scam threatening to distribute your private and sensitive material if you don’t pay them in bitcoins
6/25/18Re: OIT - Updating / Protecting Faculty And Staff Account / Quarantine Exercise - Request Number [#000594541]Phishing email claiming to be from UCLA OIT. 
6/25/18***Part/Full Time Employment Opportunity Available For Student On Holiday(New Job Offer)***Phishing email offering a fraudulent job 
6/18/18Library NotificationsPhishing email claiming to be from the UCLA Library
6/11/18HR Job OpeningPhishing email for job opening
6/11/18Payment and Signup BonusPhishing email claiming to give user a payment and signup bonus with Stripe with prompts to click on links
6/8/18Your New Password RequestPhishing email claiming to be Microsoft with a new password for your Office365
6/7/18Microsoft New or Modified User AccountPhishing email claiming to be Microsoft requesting verification of account 
6/7/18Microsoft Account SecurityPhishing email claiming Microsoft account security information has been updated
5/23/18Phishing email claiming to be a UC President & Chief Executive Officer with an "appended update" link for employees
4/16/18Warning!Phishing email prompting user to log into a link claiming to be from the UCLA Help Desk
4/16/18Employment Opportunity For Student Available (Part-Time Job)Phishing email claiming to be an offer to work with a doctor 
4/13/18Re: Admin Case !Phishing email asking to user to migrate to a new web version of Outlook
4/11/18University of California, HRPhishing email claiming to be an offer to work with a doctor 
4/11/18Your Office Lite TokenPhishing email prompting user to log in for an access code to Office 365Lite
4/05/18Re: IT Support/Help-DeskPhishing email asking user to update Outlook/OWA
3/29/18Urgent: New NotificationPhishing email asking user to contact Human Resources about a paycheck issue
3/20/18Job Offer at Cisco [Part Time Position]Phishing email containing a false job offer at Cisco
3/16/18Bill No 69469761Phishing email with a malicious attachment claiming to be an online payment processor
3/16/18RE: ADMIN CASE !!Phishing email asking user to update Outlook Web App
3/16/18Complete password change requestPhishing email asking user to sign in to Office 365 to revert an unauthorized change of password
3/15/18Ucla security updates.Phishing email asking user to sign in to the IT Help server to update their mailbox
3/14/18Purchase OrderPhishing email asking user to review a purchase order and to provide a copy of a quote
3/14/18Re: IT NewsletterPhishing email mimicking a newsletter
3/14/18UntitledPhishing email saying HEY with a link
3/9/18Ticket : Staff bulletinPhishing email asking the recipient to log in and update payroll information
2/23/18RE: IT-Center !Phishing email saying user contacted the Helpdesk within last 7 days and to complete satisfation survey
2/15/18Unread Messages on HoldPhishing email from IT Services Helpdesk to sign in to avoid cancellation
2/15/18UCLA Needs Your HelpPhishing email about being a paid note taker
2/15/18Settings ChangedPhishing email verifying a recent Windows device sign in
2/9/18

**Employment Offer**

Phishing email offering weekly pay for a simple job for Dr. Christopher C. Babbitt.
2/9/18RE: ServiceDesk RequestPhishing email asking students to migrate to Outlook Web Access 2018.
1/30/18john colins has shared a link with you!Phishing email about a mystery shopping job
1/26/18Fixed-Term (Part-Time) Faculty PositionsPhishing email to students regarding job offer
1/26/18Website Job ApplicationPhishing email looking for part-time work
1/26/18UCLA We Got Your Contact Through Your SchoolPhishing email saying CHARMMER-SUNBLET BEVERAGE CORP INC® is currently running a student empowerment programme
1/4/18Bad NewsPhishing email saying wages will be garnished due to student loans
1/4/18Dr. GreenfieldPhishing email offering employment
1/1/18MyUCLA Portal MaintenancePhishing email asking to confirm your account due to routine system maintenance
12/20/17Bruin Alert - Important UpdatePhishing email asking to confirm your account due to important update
12/19/17Part Time Job JobvitePhishing email announcing job opportunity from Jobvite Agency
12/6/17[Info] Account ReviewPhishing email asking you to verify your account with Apple.
12/4/17Scanned DocumentPhishing email saying you have a scanned document from "Dropbox."
12/4/17Re: redactedPhishing email notifying you that your Visa card will be charged soon.
11/21/17Payment ResolvePhishing email saying user has a new notification regarding a payment.
11/20/17 RE: Service Desk (Incident Report No: 0001232)Phishing email saying user has received a migration/updgrade request.
10/24/17Part-Time Job Offer with AdelaidePhishing email announcing employment opportunity with Adelaide.
10/24/172 New Messages with Subject Urgent PendingPhishing email saying you have two new urgent messages to read.
10/5/17Re: Attention (Migration Warning)Phishing email saying account will be disabled if user doesn't migrate to new Office 365.
9/20/17NotifyPhishing email saying mailbox is out of date and to confirm the email account
9/19/17Admin Position OpeningPhishing email announcing an administrative position
9/13/17Limited TimePhishing email asking you to confirm your contact details
9/12/17TutorPhishing email requesting a tutor
8/24/17Metro BankingPhishing email asking user to sign in for verification in order to process a refund
8/24/17Problems with Item DeliveryPhishing email telling you to click on an attachment and review delivery label.
8/23/17Unusual Login AttemptPhishing email asking you to click on a link to verify account activity.
8/14/17Notification: You Have a New MessagePhishing email informing you that your account will be deleted if you do not respond.
8/14/17Staff Only (Urgent Task)Phishing email telling you to migrate to the Office 365 portal.
8/14/17You Have Received a Wire TransferPhishing email saying you've received a wire transfer
8/14/17You Have 1 Important DocPhishing email saying you have an important document waiting to view on Dropbox
8/9/179.01 GB Quota UpgradePhishing email informing you of a 9.01 mail quota upgrade
8/7/17You Have a New File (from UC)Phishing email saying you have a new file to view
8/7/17Office 365 New MessagePhishing email saying you have new messages to view
8/3/17Admin Assistant Opening in Your AreaPhishing email offering an administrative assistant position
8/1/17RE: Pay Invoice - 8/01/2017Phishing email asking for invoice and attaching an invoice
8/1/179.4 GBPhishing email asking you to click on a link for a quota upgrade
8/1/17Office 365 Email VerificationPhishing email asking you to verify your Office 365 account to avoid deletion
7/28/17Email Alert MarketingPhishing email asking you to confirm your password
7/28/17Late PaymentPhishing email saying you have a late payment from Natwest Bank
7/28/17Part-time Job with "Cisco"Phishing email offering a part-time job with Cisco
7/28/17Problems with Item DeliveryPhishing email saying there was a problem delivering an item
7/27/17Re: Are You WillingPhishing email offering a business proposal
7/26/17Secret Shopper JobPhishing email offering part-time secret shopper jobs to students
7/25/17Your Home Address Has Been ChangedPhishing email alerting user that home address has been changed
7/25/17Shipment of Your ConsignmentPhishing email asking you to contact a courier for payment
7/25/17Invoice NumberPhishing email asking you to pay an invoice
7/25/17"New File" WaitingPhishing email saying there is a new message waiting for you 
7/21/17Who's Who in AcademiaPhishing email saying the recipient has been named in a "Who's Who in Academia" article
7/19/17Mail TeamPhishing email asking user to log in to verify unrecognized device
6/30/17Mastercard BillingPhishing email saying personal Mastercard will be billed
6/28/17UCLA Part Time Job OfferPhishing email offering part-time job at UCLA
6/27/17Work Application ApprovedPhishing email saying your work application is approved and offering a position
6/23/17Attention BeneficiaryPhishing email saying name is on an overdue payment schedule database
6/23/17Regarding availability of Research Projects in your Esteemed InstitutionPhishing email from Harsha Vardhan Reddy interested in research projects
6/23/17Tesco Credit AccountPhishing email asking for Tesco credit card login information
6/23/17Your Account Has Developed an ErrorPhishing email claiming a UCLA database error is about to shut down a user account
6/20/17Dear ApplicantPhishing email about a position at corestaff Services
6/13/17Service for Laboratory InstrumentsPhishing email about a study being conducted regarding laboratory equipment
6/8/17Please readPhishing email saying mailbox has exceeded its quota/limit
6/7/17You've got ONE DAY to read thisPhishing email prompting the reader to open a shared documents supposedly from Dropbox
6/7/17Unbalanced PaymentPhishing email claiming that a pending payment did not resolve due to errors
6/7/17Attention NeededPhishing email claiming that a payment did not resolve due to server errors
6/6/17Payroll Schedule MessagePhishing email saying the 2017 payroll calendar is now available
6/6/171 New Important MessagePhishing email saying there's an important message from the school faculty
6/5/17Inquiry from NigeriaPhishing email claiming to be a Nigerian government member offering millions of dollars for unspecified work
6/5/17UCLA Students Part Time JobPhishing email offering part time job to UCLA students
6/5/17Payment Held BackPhishing email claiming a recent payment transfer has been put on hold
5/27/17Unrecognized Sign-inPhishing email saying user has to pass second sign-in verification
5/25/17

RE: Microsoft Outlook Email Update

Phishing email saying all staff and students are expected to migrate to new 2017 Microsoft Web Outlook portal
5/23/17Account ( WELCOME xxx)Phishing email saying information needs to be udated within 24 hours
5/15/17RE: Action Required, Staff OnlyPhishing email saying staff is required to migrate to the new office365
5/12/17Cornell University SoftballPhishing email from someone with Cornell softball with a link to a confidential file
5/11/17Invoice #886557-69344Phishing email saying a file is attached to the email
5/10/17UCLA Office 365 Verification!Phishing email prompting user to sign in to Office 365 to verify their myUCLA account
5/10/17MyUCLA Access Verification!Phishing email prompting user to sign in to verify their myUCLA account
5/8/17Do Not Ignore this DocumentPhishing email asking user to sign an important document to open it
5/8/17Library AccountPhishing email asking user to click link to re-activate UCLA Library account
5/4/17You've Got An Urgent Security Alert.Phishing email saying user needs to re-activate debit card to avoid it from being blocked
5/3/17xxx has shared a document on Google Docs with youPhishing email saying someone has shared a document with the user
4/19/17Student Health CenterPhishing email prompting the user to review a secure message from the student health center
4/17/17LibraryPhishing email informing recipient about library account expiring soon
4/4/17Part Time Personal Assistant JobPhishing email saying a job is available
4/4/17IT Help DeskPhishing email saying to update account or email will be blocked
3/29/17Confirm EmailPhishing email warning of too large inbox
3/13/17Final NoticePhishing email claiming educational mailbox has been compromised
3/9/17UPS issue #6333505: unable to delivery parcelPhishing email claiming that parcel has not been delivered
3/7/17RE: To AllPhishing email with a link to "login" to access various features available to staff and students
3/1/17Important Notice.Phishing email with a link to a "blackboard" log sheet
3/1/17PA Selected CandidatePhishing email offering students a job as a personal assistant for $600/week
2/22/17On-Campus Job RecruitingPhishing email seeking individuals for a job opportunity
2/22/17Fund Not ReceivedPhishing email telling user that they were supposed to have received a $27M fund
2/22/17Error in 2017 W-2 FormPhishing email claiming that user may have been short paid by the IRS
2/22/17Urgent! Mail account errorPhishing email from fake UCLA Database Admin seeking user's personal information
2/22/17Parking TicketPhishing email from "Police Department" asking the user to download a malicious "parking ticket"
2/22/17Update Your Account NowPhishing email from an osu. edu address asking UC members to update their email information
2/22/17Account UpdatePhishing email from an ITS impersonator claiming to upgrade the user's Microsoft Outlook account
2/21/17Wire for Invoice #11222Phishing email from an unaffiliated email asking user to review invoice document
2/17/17Take account:Urgent Payroll UpdatePhishing email from AYSO asking user to update account
2/8/17Campus Security NotoficationPhishing email instructing to follow a protocol due to a security concern 
2/6/17What a nice surprise)Phishing email from Rozumalski Elizabeth
1/24/17Unusual activity detected on your UCLAPhishing email claiming that an update must be done due to unusual activity on the user's account
1/19/17Urgent IssuePhishing email claiming to be a UCLA Admin upgrading the recipient's UCLA mailbox
1/17/17Re: IT Service Holp DeskPhishing email detailing an Outlook update
12/21/16Product Order RequestPhishing email inquiring about product prices with infected link
12/7/16PayPal Account UpdatePhishing email from "PayPal" saying account has been updated
12/6/16Attached Scan Image from MX2310UPhishing email from a "departmental address" with an attached scanned image
12/5/16Parcel Not DeliveredPhishing email claiming that an ordered parcel was not delivered and asking the user to open a file to print a label
12/5/16Mailbox UpgradePhishing email claiming to upgrade mailbox size
12/5/16Parcel Shipped EmailPhishing email claiming to confirm that a parcel has been shipped
12/5/16UConnection DiscountPhishing email offering discounts and free food in Westwood
11/28/16Outlook Web App for StaffPhishing email about "Outlook Web App for staff"
11/25/16Email Validation UCLA Central Authentication ServicePhishing email from "UCLA Central Authentication Service" asking for credentials
11/21/16Email Validation from Pamela BerryPhishing email from "Pamela Berry" alerting users of scheduled maintenance and the need to validate their accounts
11/9/16Malware Attachment from Augustine MccormickPhishing email from "Augustine Mccormick" alerting users he had to block their account and to open the attachment for instructions
10/21/16Amazon ServicePhishing email from "Amazon Service" regarding a refund
10/11/16Account Management Password ResetPhishing email targeting UCLA staff to change their account management password
10/11/16Wire to ProcessPhishing email saying that a payment by wire is needed
10/4/16Wire PaymentPhishing email saying that a payment by wire is needed
9/20/16Transaction RequestPhishing email saying that a transaction needed to be completed
9/9/16UCLA Help DeskPhishing email from "UCLA Helpdesk" indicating the need to verify an account
6/20/16Student PaymentsPhishing email saying there's a balance due on a bill
8/9/16Password ReminderPhishing email indicating that password needs to be reset
6/20/16Student PaymentsPhishing email saying there's a balance due on a bill
6/18/16"Bruin Alert" EmailPhishing email from "Bruin Alert" for staff and students to log in and confirm credentials
5/19/16You Have a MessagePhishing email saying to click on a link to see a message
4/15/16Password ExpirationPhishing email sent from "Robert Misage" about a password that needs to be reset
4/13/16UCLA TFT User ActivationPhishing email saying a TFT account has been created and the user needs to activate it
3/9/16Upgrading Mailbox QuotaPhishing email sent from "Larry Johnston" about needing to update mailbox quota asap
2/22/16Tesco BankPhishing email alerting of online banking changes