Skip to Main Content

Impersonation Email Campaigns: Clarification

Recently UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These email campaigns rely on social engineering tactics and generally involve the creation of a Gmail account with a very similar email address to a UCLA staff member in a deception attempt to coerce the recipient into a response.

If you receive a message like this, it is likely a phishing message and you should not respond to the message. If you are concerned that the message is real, reach out to the sender using their contact information in the university directory (https://directory.ucla.edu/).

 

A close inspection of the emails quickly alerts you to a possible scam:

  • Pretext to move you off official channels. The sender claims their university email can send but not receive and instructs you to switch to a personal Gmail/SMS. Attackers do this to bypass security filters and hide their activity.
  • Reply-to. The sender asks you to reply to dckstr9@gmail[.]com.
  • Requests for sensitive data. It asks for your resume and an ID—information scammers use for identity theft, payroll/diversion, or further social engineering.
  • Vague and generic. No course, department, or specific context. It could be sent to anyone.
  • Language/format cues. Unusual capitalization/grammar and awkward phrasing (“here i am…”, “any means of ID”) are common in phishing.
  • Urgency + authority. Invokes a professor’s authority and a “technical issue” to pressure quick compliance.

Subject: Clarification

Hello,

I am reaching out to clarify a quick note regarding my communication moving forward. Due to a technical issue, I am currently unable to receive incoming messages through my official university email account. While I can only send messages from it, I won’t be able to view your replies for the time being via my edu email.

As such, I’ll be communicating with you through my alternative email address and, when appropriate, via SMS for quicker responses. Please rest assured that you are indeed corresponding with me, Professor Stefano Soatto and that this message is simply to ensure transparency and continuity.

Once the issue with my official email is resolved, I will resume all communication through my university account. So here I am sending you this message from my edu email for clarification and transparency, all communication should be acknowledged through my alternative email dckstr9@gmail[.]com. Do reply and send your Resume and any means of ID for review to my alternative email for quick communication in order to proceed further.

Thank you for your understanding.

Warm regards,

Prof. Stefano Soatto
Department of Computer Science
404 Westwood Plaza
<https://www.google[.]com/maps/search/404+Westwood+Plaza?entry=gmail&source=g>
Engineering VI
Los Angeles, CA 90095-1596
UCLA

 

Impersonation phish 5

If you have received one of these messages via email or SMS, please forward the message to security@ucla.edu(link sends email)(link sends email)(link sends email), and then it is safe to disregard and delete the message(s). Instructions on how to report a phish can be found on the OCISO site at:

https://www.ociso.ucla.edu/phishing-scams/instructions-reporting-phishing-scam.