The UCLA Information Security Office would like to raise awareness and urge caution about an external website impersonating the legitimate UCLA Single Sign On (SSO) Authentication page to carry out credential harvesting attacks. The tactic relies on deceiving individuals to visit the page, often via a phishing email, and then inputting their credentials into the username/password field under the presumption that it is the legitimate UCLA SSO page. We are in the process of collaborating with our partners to shut down the host.
- 24timeauto[.]site/ssl[.]php
- agriconsilier[.]ro/ucla/shb.ais.ucla.edu/
Example Phish Email:
I am writing to inform you that one of your students has been diagnosed
with the Ebola virus. The student was overseas prior to the diagnosis and
is currently receiving medical treatment.
To ensure the safety of our community, we are conducting contact tracing to
identify anyone who may have had contact with the student. For your
reference, a dedicated and secure page containing further details about the
case has been created: [View Evelyn's Information
24timeauto[.]site/ssl[.]php
We are taking every possible measure to maintain the confidentiality of
this situation. It is imperative that this information remains private and
is not shared or forwarded to anyone else.
If you have received this email in error, please delete it immediately and
refrain from disclosing its contents.
If you have any questions or require further clarification, please do not
hesitate to reach out.
