Impersonation email campaign: Send me your available cell number

Recently, UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These campaigns rely on social engineering tactics and generally involve the creation of a Gmail account whose address closely resembles that of a senior UCLA executive, in an attempt to deceive the recipient into responding.

[Image: email]

A close inspection of the emails quickly alerts you to a possible scam. First, the sender’s email address is usually in the form of <importantperson.ucla@gmail.com>. This is not a legitimate UCLA email address.
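For mail administrators, the sender check described above can be written as a simple filter rule. This is an added example, not part of the original advisory; it assumes legitimate campus mail uses ucla.edu or a subdomain of it, and the function name and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: legitimate campus addresses end in ucla.edu or a subdomain of it.
CAMPUS_DOMAIN = "ucla.edu"
# gmail.com is the provider named in the advisory; other entries would be local policy.
FREEMAIL_DOMAINS = {"gmail.com"}
CAMPUS_TOKEN = "ucla"


def classify_sender(from_header):
    """Return (verdict, reason) for a raw From: header value.

    A "campus" verdict describes only the address string. It does not
    authenticate the sender, because From: headers can be forged.
    """
    display, addr = parseaddr(from_header)
    local, sep, domain = addr.lower().rpartition("@")
    domain = domain.rstrip(".")
    if not sep or not local or not domain:
        return ("suspicious", "sender address could not be parsed")
    if domain == CAMPUS_DOMAIN or domain.endswith("." + CAMPUS_DOMAIN):
        return ("campus", "sender domain is " + domain)
    # The pattern from the advisory: <importantperson.ucla@gmail.com>
    if domain in FREEMAIL_DOMAINS and CAMPUS_TOKEN in local:
        return ("suspicious", "campus name inside a " + domain + " address")
    # Campus domain embedded in an unrelated domain, e.g. ucla.edu.example.com
    if CAMPUS_DOMAIN in domain:
        return ("suspicious", "lookalike domain " + domain)
    if CAMPUS_TOKEN in display.lower():
        return ("suspicious", "display name claims campus, domain is " + domain)
    return ("external", "sender domain is " + domain)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    samples = [
        '"Important Person" <importantperson.ucla@gmail.com>',
        "Important Person <important.person@ucla.edu>",
        "Dean <dean@ucla.edu.example.com>",
        "UCLA Chancellor <someone@example.net>",
        "Vendor <sales@example.com>",
        "no-address-here",
    ]
    for header in samples:
        verdict, reason = classify_sender(header)
        print(f"{verdict:10} {header}  ({reason})")
```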

The second clue that this is a potential phishing message is in the subject line. In many cases, an attacker will craft these messages quickly and include simple grammatical errors, such as ending the sentence with the preposition “at”.

If you receive a message like this, it is likely a phishing message and you should not respond to the message. If you are concerned that the message is real, reach out to the sender using their contact information in the university directory (http://www.directory.ucla.edu/).

A few users have reported that they responded to the email. When someone responds to the email with a cell phone number, the attacker will typically reply with text messages such as the ones pictured here.

[Images: text message sample; sample text message 2]

If you have received one of these messages, please forward the message to security@ucla.edu, and then it is safe to disregard and delete the message(s). Instructions on how to report a phish can be found on the OCISO site at https://www.ociso.ucla.edu/phishing-scams/instructions-reporting-phishing-scam.