Skip to Main Content

Phish Bowl

The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.

These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers.  They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.

If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to Information Security Team. It will be added so others are aware of it.

If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center  or your local departmental IT unit  and reset your account password  to prevent scammers from using your account.

How to Report a Phishing Scam

The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:

  1. Please follow instructions on How to Report a Phishing Scam
  2. Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.

It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.

Date Title Description
CRITICAL: Potential Exposure Incident Identified
Fake - UCLA Postings: Freelance Opportunity with $500 Weekly Pay
UC Mail confirmation
Piano Gift You will Love To Have
Fake Job Posting - UCLA Department of Information Studies
[UCPath] - Update Your UCPath Account - Phish
Multi-Factor Authentication (MFA) For

The UCLA Information Security Office is aware of a phishing campaign attempting to coerce recipients into scanning a QR code to deceive users into providing information posing a Microsoft. This is not a legitimate e-mail and recipients should not provide any information or scan the QR code from the sender.

These phishing e-mails may include messages the below:
 

Document (Urgent)

The UCLA Information Security Office is aware of a phishing campaign attempting to coerce recipients into clicking an attachment and deceive users into providing their Duo authentication credentials. This is not a legitimate e-mail and recipients should not provide any information to the sender.

These phishing e-mails may include messages such as:

Fake Job Posting - UCLA Department of Psychology

UCLA Information Security Office is aware of UCLA students being targeted by fake job/internship scams. Be mindful of phishing emails that may be disguised as a job opportunity.

Review the following security advisories related to recent job scams at UCLA and stay secure.

Fake UCLA Authentication Single Sign On (SSO) Web Page

The UCLA Information Security Office would like to raise awareness and urge caution related to two external websites impersonating the legitimate UCLA Single Sign On (SSO) Authentication page to carry out credential harvesting attacks.

Urgent Payroll Request

The UCLA Information Security Office is aware of UCLA staff being targeted by messages from cyber criminals attempting to commit payroll fraud. Be wary of cyber criminals who may try to trick you by sending phishing emails or posing as HR and Payroll staff, asking you to change your bank account information.

Document shared with you: "HR BENEFITS.docx"

The UCLA Information Security Office is aware of UCLA staff being targeted by messages from Google Docs with the subject "Document shared with you: "HR BENEFITS.docx" requesting an urgent review of a faculty evaluation Google Doc. The email usually indicates this request is coming from a leader within the organization, but the sender address is often non-affiliated with UCLA.

Office 365 - Authentication Notification We would like to inform you about a new phishing campaign that targets Microsoft 365 users requesting them to change their password due to account expiration. 
Please confirm your email account with ucla.edu

The UCLA Information Security Office is aware of UCLA staff/students are being targeted by messages from spoofed email addresses: account-security-noreply[@]ucla.edu making urgent calls to confirm their email accounts.

UCLA Gives - Making donations to an unaffiliated individual

The UCLA Information Security Office is aware of a phishing campaign attempting to coerce recipients into making donations to an unaffiliated individual. The "From" (uclagives[at]ucla.edu) address in this campaign is using an impersonated UCLA email in a deceptive attempt to gain legitimacy.