What You Should Know about Phishing

Phishing is an attempt by an attacker masquerading as a trustworthy entity to acquire your sensitive online information. Attackers can attempt to obtain your usernames, passwords, credit card details, money, etc.

For example, a phish might generate an email, which appears to be from your IT Administrator requesting that you update your computer by inputting and validating your username and password by clicking on a “secure” link. When you follow the instructions and enter that information, you have been phished.

What to Do If You Have Been Phished

  • Change your password immediately.
  • If you have reset questions and answers, change them.
  • Report the phishing email to your local IT Administrator and to the Information Security Office.

If you are not sure that you have been phished, but believe an email might be malicious, you can still report it to the Information Security Office to investigate by sending an email to [email protected].

How to Protect Yourself

Phishing is not a foolproof attack, and there are ways to protect yourself. Here are some actions you can take to guard against phishing scams:

  • Always check the email address of the email that was sent to you. If you don’t recognize it, be suspicious.
  • Always check with the email sender in person or by phone if there is a request for money or data.
  • Do not open links in emails received from unknown senders as they may contain malicious code.
  • Hover your mouse over the link to identify if the website it’s going to looks legitimate.
  • Do not open attachments from unknown senders as they may include malicious code.

Phishing Awareness at UCLA

To see updated alerts on phishing attempts across campus, please visit our phishing alert page.