Phish Bowl
The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.
These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.
If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to Information Security Team. It will be added so others are aware of it.
If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center or your local departmental IT unit and reset your account password to prevent scammers from using your account.
How to Report a Phishing Scam
The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:
- Please follow instructions on How to Report a Phishing Scam
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.
| Date | Title | Description |
|---|---|---|
| 03/14/2022 | ‘Are you busy?’, “Hi,” or “Urgent”. E-mail Scam | We have reports from faculty and staff who have been recipients of a new twist on an old e-mail scam. These phishing scams often come from a non-UCLA email address with poor spelling/grammar. |
| 03/07/2022 | Avoid Package Delivery Scams | You should never click a link or call back the number from an unexpected delivery notice. |
| 03/03/2022 | Job Scams at UCLA | UCLA Information Security Office is aware of UCLA students being targeted by fake job offer scams. Please read our recent Security Advisory regarding Job Opportunity Scams at UCLA - Department of Computer Science. |
| 10/01/2021 | Impersonation email campaign: Send me your available cell number | Recently UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These email campaigns rely on social engineering tactics and generally involve the creation of a Gmail account with a very similar email address to a senior UCLA executive in a deception attempt to coerce the recipient into a response. |
| 05/21/2020 | EVC/Provost Opportunity Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. |
| 04/12/2020 | Settings Changed Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlink. From: Microsoft Web-Team [mailto:Outlook@@ @ trx.outlok.com] Sent: Friday, January 26, 2018 4:16 AM To: Subject: settings changed Importance: High Outlook Office365 Email We detected a recent sign-in Windows device. You are getting this email to make sure it was you. To help keep you safe, we require an extra security challenge Click Here This action will take a brief period before this request takes effect This is a mandatory communication about the service. To set communication preferences for other cases. © 2018 Outlook-Corporation All Rights Reserved Terms of use Privacy & Cookies |
| 03/31/2020 | HR Team Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: [username]@ucla.edu Subject: HR Team Greetings: You have a message from the HR Department Click here to view your message Sincerely, The Human Resources Talent Acquisition Team This is an automatically generated email, please do not reply. |
| 03/25/2020 | [username]@[campus unit].ucla.edu Password Expiration Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IT Help Desk Subject: [username]@[campus unit].ucla.edu password expiration [campus unit].ucla.edu Hello [username] Password for [username]@[campus unit].ucla.edu expires today Tuesday, March 23, 2021 at 2:34 PM Keep Same Password [campus unit].ucla.edu (c) 2021 |
| 03/25/2020 | UNICEF Part-Time Job Opportunity Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL From: [username]@ucla.edu Subject: UNICEF PART – TIME JOB OPPORTUNITY Good Day, I am a staff hear at the institution, a professor of Medicine shared a link for students who might be interested in PAID UNICEF PART-TIME POSITION job to make up to $400 (USD) weekly. Follow the link below for more info regarding the position – CLICK HERE NOTE: THIS IS STRICTLY A WORK FROM HOME POSITION. Sincerely, Dr. Daniel Spencer |
| 03/06/2020 | Staff & Employee Benefits Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Sent: Friday, March 6, 2020 5:41 AM To: Subject: Staff & Employee Benefit All staff & employee are expected to verify their email account for new payroll directory and adjustment for the month of March benefit payment. Please kindly Click MARCH-BENEFIT and complete the required directive to avoid omission of your benefit payment for March 2020 Thank you, Help Desk. |
| 03/03/2020 | Recalculation of your Tax Refund Payment Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IRS Subject: Recalculation of your Tax Refund Payment Internal Revenue Service (IRS) Dear Applicant, After the last calculations of your annual tax refund, we have determined that you are eligible to receive an extra tax refund of 1400.00 USD Please submit the tax refund request and click here by having your tax refund sent to your account in due time. Please do not reply as the email address is not monitored for received mail. |
| 11/13/2019 | We Need You Only If You Are Interested Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: AMAZON TEAM To: Subject: we need you only if you are interested On: Tuesday, November 12, 2019 at 6:24 AM Dear MysteryShopper, We have a MysteryShopper position in your area and the wage is 250 to 300 dollars per assignment,we would like you to participate,therefore we are accepting applications for this job.It's fun and rewarding.After you sign up you will have access to training materials.Kindly,send the requested information below to be enlisted. |
| 10/16/2019 | New Payroll Service Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Sent: Tuesday, October 15, 2019 8:54 AM To: Subject: NEW PAYROLL SERVICE ALL STAFF ; This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness. These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW PAYROLL SERVICE to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits. |
| 10/15/2019 | Question – Application For a Professor Position Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. Subject: Question – application for a Professor position From: Martin Kroll Date: Sunday, October 13, 2019 at 6:10 PM Hello, I am interested to apply to your University for a Professor position. May I ask you to provide me with an email address for your human resources officer as well as the Dean of faculty/academic director who are in charge of the faculty recruitment process? Thank you very much for your support indeed. Best regards Dr. Martin Kroll |
| 09/17/2019 | RE: ICT Technical Support Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Mabel Angelini To: Mabel Angelini Date, Friday, September 13, 2019 at 9:53 AM Subject: RE: ICT Technical Support We're migrating all e-mail accounts to Outlook Web App 2019, and all active account holders need to verify and sign in for the upgrade and migration to take effect. This is done to improve the security and efficiency of spam. NOTES: If you do not do so within the next 24 hours after receiving your request, we will contact you as soon as possible. Click on ICT Technical Support to migrate and block additional spam. Greetings, ICT management team, Outlook Web for employees. |
