Phish Bowl
The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.
These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.
If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to Information Security Team. It will be added so others are aware of it.
If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center or your local departmental IT unit and reset your account password to prevent scammers from using your account.
How to Report a Phishing Scam
The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:
- Please follow instructions on How to Report a Phishing Scam
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.
| Date | Title | Description |
|---|---|---|
| 10/16/2019 | New Payroll Service Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Sent: Tuesday, October 15, 2019 8:54 AM To: Subject: NEW PAYROLL SERVICE ALL STAFF ; This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness. These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW PAYROLL SERVICE to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits. |
| 10/15/2019 | Question – Application For a Professor Position Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. Subject: Question – application for a Professor position From: Martin Kroll Date: Sunday, October 13, 2019 at 6:10 PM Hello, I am interested to apply to your University for a Professor position. May I ask you to provide me with an email address for your human resources officer as well as the Dean of faculty/academic director who are in charge of the faculty recruitment process? Thank you very much for your support indeed. Best regards Dr. Martin Kroll |
| 09/17/2019 | RE: ICT Technical Support Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Mabel Angelini To: Mabel Angelini Date, Friday, September 13, 2019 at 9:53 AM Subject: RE: ICT Technical Support We're migrating all e-mail accounts to Outlook Web App 2019, and all active account holders need to verify and sign in for the upgrade and migration to take effect. This is done to improve the security and efficiency of spam. NOTES: If you do not do so within the next 24 hours after receiving your request, we will contact you as soon as possible. Click on ICT Technical Support to migrate and block additional spam. Greetings, ICT management team, Outlook Web for employees. |
| 09/02/2019 | Urgent Hire Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: part-time job Date: Mon, Sep 2, 2019 at 11:33 AM Subject: URGENT HIRE To: The services of a student administrative assistant is urgently required to work Part-time and get paid $ 350 weekly. This position is open to UCLA under- graduates only. If interested reply via this email address or text 8035971655 for further details. Thanks Prof. Damon Linda |
| 08/09/2019 | Subject: Re:DF Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: To: Date: Saturday, July 20, 2019 at 2:17 AM Subject: Re:df For your information The letter implies authority, of your account You will not be able to send or receive messages. To activate Click the link and complete the information required; Centurylink© 2019 |
| 08/07/2019 | Help Desk Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: help desk Date: Wednesday, August 7, 2019 at 8:55 AM To: Subject: Service Your e-mail password expires in 2 days to retain e-mail password and details. CLICK HERE to update immediately. Thank You. IT Help Desk. ©Copyright 2019. System Administrator |
| 07/19/2019 | About: Ownership Confirmation of [account]@ucla.edu Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: ucla.edu [mailto notification at server.com] >Sent: Monday, July 15, 2019 1:59 AM To: Subject: About: Ownership Confirmation of @ucla.edu Dear , Please see below detail notification for ucla.edu Date: Monday, July 15th, 2019 09:52 a.m Critical Date: Friday, July 19th, 2019 Reason: Reason: Pending incoming emails with attachments that you are yet to receive. Failure: Access to @ucla.edu will be restricted until you confirm ownership. Session ID: ucla.edu//wrdoogugjmroxiflrkga Confirm account ucla.edu Note: Access to @ucla.edu will be restricted within 48 (forty eight) working hours. |
| 07/17/2019 | Re: Mailbox Limit Have Exceeded Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IT Helpdesk Sent: Tuesday, July 16, 2019 8:13 PM To: Subject: Re: Mailbox limit have exceeded. Your mailbox have exceeded the Quota set by the Mail Team. You may not be able to send or receive new email until you re-enable your web mail. To validate, click here |
| 07/12/2019 | Email Alert From UCLA Division of Astronomy & Astrophysics Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: UCLA Division of Astronomy & Astrophysics Sent: Thursday, July 11, 2019 4:08 AM To: undisclosed-recipients: Subject: Email Alert From UCLA Division of Astronomy & Astrophysics Dear UCLA Astronomy & Astrophysics Account users, This message is from UCLA Astronomy & Astrophysics System Technical Support Team Admin. Be inform that all UCLA Astronomy & Astrophysics e-mail users must update their UCLA Astronomy & Astrophysics e-mail account to the new 2019 e-mail version for fast and maximum security of your account. Note that you are expected to click on the link given below and confirm your UCLA Astronomy & Astrophysics User ID and Password Or Pass-phrase to upgrade your account. |
| 06/13/2019 | Dr. Karen L Gordes Work-Study Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. Hi Student, I'm Dr. Karen L Gordes, I feel comfortable discussing this WORK- STUDY opening with you since you were referred by the university chamber of commerce. I am very busy that is why i have asked for your help as my temporary personal assistant. I provide individual and group therapy, coaching, assessment and many University of students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment process. You have received this email because you have an offer from the University Office to help Students with Disabilities to work with me while we help Students with disabilities frustrated with ignorance and lack of services but as my temporary personal assistant |
| 05/29/2019 | Enclosed Internship Weekly Work & Study Jobs For Students Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: amira service [mailto . :amirainsurance@@@outlook.com] Sent: Monday, May 13, 2019 5:42 PM Subject: ENCLOSED INTERNSHIP WEEKLY WORK & STUDY JOB FOR STUDENTS Importance: Low Dear Student, I am Dr Christopher Bowman, i work with the Disability Resources & Educational Services I feel so comfortable discussing this Internship WORK & STUDY opening since you were referred by the university chamber of commerce for a Personal Assistant job position. |
| 05/28/2019 | RE: Action Required: Update Your Payment Information Now Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. Attention: Your payment has been declined. Please update your payment information today to avoid service interruption. | View this email in your browser. Your payment has been declined. Please update your payment information now. UPDATE YOUR PAYMENT INFORMATION Our records indicate that the payment method you used to purchase Office 365 Business Essentials was declined. Please contact your bank for the details on the failed charges. To avoid service interruption, please update your payment information now. |
| 05/28/2019 | Sextortion Scam - Multiple Variants | Sextortion Scams are becoming more prevalent. Please see the two links below for an explanation of what a sextortion scam is and an article on a current scam that is making it around the Internet. Below are two sample phishing emails recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks |
| 05/28/2019 | Voicemails Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Anna Aman [mailto:anna@@@amancs[.]com] Sent: Saturday, May 11, 2019 9:18 AM To: Subject: Voicemails USER ID : [REDACTED] You received a new voicemails from Anna Aman Date Received: May-11-2019 Duration: 00:03:31 Listen-voicemail-00:03:31 Regards, Voicemail |
| 05/28/2019 | New Important Article Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: UCLA IT Services Date: Thursday, April 25, 2019 at 9:20 AM To: Subject: New Important Article To all UCLA Faculty, Staff & Students See this article on our website at https;;://www.i . t.ucla.edu/News/?page= . Article&id=2460. **For Immediate Release** |
