UCLA Student
Infosec Blog

confused woman at computer



First and foremost, if you don’t recognize the sender of a DocuSign envelope and you are uncertain of the authenticity of an email, look for the unique security code at the bottom of the notification email. All DocuSign envelopes include a unique security code.





Of all the common cyberattacks we see, phishing is perhaps the most dangerous because there is no single, foolproof way to prevent it. Rather than ask, “What is phishing?” after you’ve already fallen victim, learn to stay ahead of the hackers.

What is Phishing?

Phishing is a type of scam in which an attacker attempts to gain a victim’s login credentials or account information by pretending to be a legitimate person or organization. Attacks are most often conducted via email, social media and even phone calls, but malware is also commonly used.


be my valentine note


HOUSTON – Two Nigerian citizens have been ordered to prison for their role in a $2 million romance scam conspiracy, announced U.S. Attorney Kenneth Magidson. Kunle Mutiu Amoo, 49, and Lanre Sunday Adeoba, 62, both citizens of Nigeria, each pleaded guilty to one count of conspiring to commit wire fraud on July 15, 2016.

Today, U.S. District Judge Alfred H. Bennett sentenced both defendants to 36 months in prison. They were further ordered to pay $86,581.15 in restitution. In handing down the sentence, Judge Bennett noted that as a result of the offense, the victim had suffered substantial financial hardship and that the defendants had abused a position of trust by falsely representing themselves as diplomats from South Africa. Not U.S. citizens, they are expected to face deportation proceedings following their release from prison.


tax forms


Benjamin Franklin once said that the only certain things in life are death and taxes. While individuals, businesses, and tax preparers get ready for tax season at the beginning of each year, another certainty exists: Cybercriminals will attempt to victimize these entities with tax-related scams.

Tax season is a ripe time for phishing and spreading malware; without fail, tax-related online scams remain a most popular type of phishing scam each and every year. Through our threat intelligence network, we have identified four types of tax scams that individuals and businesses should be wary of as they’re preparing to file their taxes in 2016.

"Your account or tax return is locked or restricted.”


tax scam forms

Watch this video on how to spot scammers who pretend to be IRS officials to get you to send them money.

Watch video...

tax identity theft graphic



The IRS, the states and the tax industry are committed to protecting you from identity theft. We’ve strengthened our partnership to fight the nation’s common enemy – the criminals – and to devote ourselves to a common goal – serving you. Working together, we’ve made many changes to combat identity theft. We are making progress. However, cybercriminals are constantly evolving, and so must we. The IRS is working hand-in-hand with your state revenue officials, your tax software provider and your tax professional. But, we need your help. We need you to join with us. By taking a few simple steps to protect all of your digital devices, you can better protect your personal and financial data online and at home.

Please consider these steps to protect yourself from identity thieves:


IRS tax form


Tax identity thieves and IRS imposters are ready for tax season, whether you are or not. Join the FTC and its partners for Tax Identity Theft Awareness Week to find out how to protect yourself, and what to do if you or someone you know runs into problems.

What is tax identity theft? It happens when someone uses your Social Security number (SSN) to file a phony tax return and collect your refund. You may not find out it has happened until you try to file your real tax return and the IRS rejects it as a duplicate filing.

IRS imposters are scammers who pretend they’re calling from the IRS. They claim you owe taxes and demand that you pay right now, usually with a gift card or prepaid debit card. They threaten you’ll be arrested or face other bad consequences if you don’t pay. But it’s all a lie. If you send the money, it’s gone.


windows 7 alert

Whether you still use and enjoy the Windows 7 operating system or not, the end-of-life date for that operating system arrives next week. Official support for Windows 7 from Microsoft ends on January 14, 2020.  What this means to you is that the continued use of the Windows 7 operating system will progressively become much less secure to use over time since security updates and patches will no longer be available.  Also, over time, other software vendors will cease to write software for the Windows 7 operating system – for example, Google plans to support the Chrome browser on Windows 7 for only about a year and a half.  After that, Chrome will no longer be supported on Windows 7.

Accordingly, beginning January 14, 2020, Duo will no longer support the installation of its products and integrations on the EOL Windows operating systems. Note that this end of support milestone does not mean that the Duo products or integrations will cease to function on the affected operating systems.

UC’s IS-3 policy Section 4.12 requires the use of operating systems that are supported by the vendor.  To review a summary of that policy, please refer to the following link: https://security.ucop.edu/policies/security-controls-everyone-all-devices.html

This policy requires that all University users upgrade to a supported operating system (such as Windows 10) or remove any devices that are non-compliant from the University network.

windows 7


January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7.

From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day that can be exploited.


man upset with computer


A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be exploited by cybercriminals.