Skip to Main Content

Impersonation Emails - Gift Card Scam

Recently UCLA has observed an increase in impersonation email campaigns targeting members of the campus community. These campaigns use social engineering tactics in which scammers create generic Gmail accounts and pose as UCLA staff. They attempt to manufacture a false sense of urgency, often insisting that the recipient respond only by email and stating that they are unavailable by phone. The goal of these actors is to deceive recipients into believing they are communicating with fellow staff and to pressure them into purchasing gift cards the scammer can later redeem.

 

What to watch for

  • Sender uses a Gmail account rather than an official UCLA email address.
  • Email signature is minimal or missing, typically showing only the name of the person being impersonated.
  • No legitimate contact details—such as phone number, title, or departmental information—are included.
  • Message creates a false sense of urgency, pushing the recipient to act quickly without verification.
  • Scammer insists on email-only communication, claiming they cannot talk by phone or asking not to call.
     

What to do

  • Do not click on suspicious links or provide any personal information.
  • Do not respond to these messages.
  • Use the Report Phish option in Outlook or forward the email to security@ucla.edu.
  • If you have already replied, clicked a link, or shared information, contact the IT Security team immediately.


 

Initial Email

Subject Examples: 

"Psychology Department", "Atmospheric and Oceanic Sciences", " UCLA Institute for Society & Genetics.", "UCLA Statistics & Data Science", " Integrative Biology & Physiology" or "MCDB Department"

 

Body: 

Can we chat briefly? I've got a meeting coming up in 5 minutes. So simply send an email in response.

Prof. Qing Zhou  

 

Secondary Email


Body:

GREAT! Here's what I want you to do for me because I'm a little busy right now. I have been working on incentives and I aimed at surprising some of our diligent faculty members with gift cards this week. This should be Confidential until they all have the gift cards as it's a surprise and you will keep one for yourself too. I want you to pick the gift cards for me and I will refund you once I am done.

Can you get this done today?

 

Prof. Qing Zhou

giftcardphish2

If you have received one of these messages via email or SMS, please forward the message to security@ucla.edu(link sends email)(link sends email)(link sends email), and then it is safe to disregard and delete the message(s). Instructions on how to report a phish can be found on the OCISO site at:

https://www.ociso.ucla.edu/phishing-scams/instructions-reporting-phishing-scam.

 

Tags
Email Phishing