Phishing Scams


Phishing is an attempt by an attacker masquerading as a trustworthy entity to acquire your sensitive online information. Attackers can attempt to obtain your usernames, passwords, credit card details, money, etc.

The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.

These emails, collectively called "phishing emails" or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page. For example, a phish might arrive as an email that appears to be from your IT Administrator, requesting that you update your computer by clicking on a “secure” link and then inputting and validating your username and password. When you follow the instructions and enter that information, you have been phished.

Learn more about recognizing the signs of a phishing scam and what you should do if you've been phished.

The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please refer to the following instructions for your email client:

Verify the Sender. 

Check the sender’s e-mail address or hover your mouse over the name to reveal the email address to make sure it’s legitimate. If it appears that your institution’s help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” then it’s a phishing message. If you don’t recognize the sender, be suspicious.

Obvious Misspellings and Grammatical Errors. 

If the message contains obvious typing errors, bad or incorrect grammar, or poor word choices, beware.

Don’t Open Links and Attachments from Unknown Senders. 

Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.

When You’re Unsure, Call to Verify. 

If you receive an e-mail claiming to be from someone you know (a friend, a colleague, or even the president of your college or university) requesting that you perform an action such as transferring funds or providing sensitive information, call the number listed in the Campus Directory (not the number in the email) to verify the legitimacy of the request.

Don’t Talk to Strangers!

If you receive a call from a stranger asking you to provide information or making odd requests, hang up the phone and report it to the help desk. You should also block any unwanted emails.

  • Change your password immediately.
  • If you have reset questions and answers, change them.
  • Report the phishing email to your local IT Administrator and to the Information Security Office ([email protected]).
  • If you are not sure that you have been phished, but believe an email might be malicious, you can still report it to the Information Security Office to investigate by sending an email to [email protected].

Campus IT Security will provide relevant information and recommendations during the current COVID-19 crisis so that users have the information they need to operate their work and home devices securely.

During the COVID-19 crisis, the industry, and educational institutions in particular, have become targets of numerous cyber-attacks. Phishing attempts exploiting users’ curiosity for new, up-to-date information have been on the rise.
