Phish Bowl
The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.
These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.
If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to Information Security Team. It will be added so others are aware of it.
If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center or your local departmental IT unit and reset your account password to prevent scammers from using your account.
How to Report a Phishing Scam
The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:
- Please follow instructions on How to Report a Phishing Scam
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.
| Date | Title | Description |
|---|---|---|
| 02/06/2019 | Security Notice Someone Have Access to Your System Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: [redacted] Sent: Saturday, January 26, 2019 2:07 PM To: [redacted] Subject: Security Notice. Someone have access to your system. Hello! I have bad news for you. 09/10/2018 - on this day I hacked your OS and got full access to your account [redacted] On this day your account [redacted] has password: [redacted] So, you can change the password, yes.. But my malware intercepts it every time. How I made it: In the software of the router, through which you went online, was a vulnerability. I just hacked this router and placed my malicious code on it. When you went online, my trojan was installed on the OS of your device... |
| 12/21/2018 | Good News Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: [redacted]@truvista.com Sent: Thursday, December 20, 2018 12:05 AM To: N\A Subject: good news Sensitivity: Normal |
| 12/14/2018 | NEW-PART-TIME-WORK@NEWJOB[.]ORG Has Shared Directory - Radford University Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: NEW-PART-TIME-WORK@NEWJOB[.]ORG Sent: Wednesday, December 12, 2018 8:32 AM To: Subject: NEW-PART-TIME-WORK@NEWJOB[.]ORG has shared Directory - Radford University Survey Evaluation Job in your city for $500. click the jotform link below to apply: hxxps://form.myjotform.com/83197988260573 Taylor Mckee Directory - Radford University hxxps://www.radford.edu/content/radfordcore/home/directory.html#kHqjtyslEVRioIcM.03 --- NEW-PART-TIME-WORK@NEWJOB[.]ORG shared this using Po.st |
| 12/04/2018 | Survey Invitation to Evaluate Steven Jonas Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: noreply@qumailserver.com Date: Mon, Nov 19, 2018 at 10:52 AM Reply-To: To: Steven Jonas is participating in a science team leadership development program. As part of that program, Steven Jonas is receiving a number of 360 degree surveys to provide developmental feedback regarding his or her leadership. You have been nominated as someone who has sufficient experience with Steven Jonas to be able to provide relevant and accurate feedback. Please click the link below to access the survey... |
| 11/30/2018 | SURVEY-EVALUATION-JOB@TMS.ORG | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: SURVEY-EVALUATION-JOB@TMS.ORG [mailto:SURVEY-EVALUATION-JOB@TMS[.]ORG] Sent: Friday, November 23, 2018 11:08 PM To: (Redacted) Subject: SURVEY-EVALUATION-JOB@TMS.ORG has shared Directory - Radford University Survey Evaluation Job in your area for $500. click the jotform link below for registration: hxxps[:]//form.myjotform[.]com/83197988260573 Clara Baran Directory - Radford University hxxps[:]//www.radford[.]edu/content/radfordcore/home/directory[.]html#xCbEmAoofrES... --- SURVEY-EVALUATION-JOB@TMS[.]ORG shared this using Po.st |
| 11/30/2018 | 1 New Unread Email Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. Subject: 1 New Unread Email From: UCLA CS Department Date: Tue, Nov 27, 2018 at 9:19 AM 1 New Unread Email Click Here To Read UCLA CS Department |
| 11/30/2018 | Re: IT Service Desk Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Sent: Wednesday, November 28, 2018 7:45 AM To: Subject: Re: IT-Service Desk Important Notice from IT Help Desk Team, we are updating all Faculty/Staff and Employees mailbox to new Outlook Web App/Owa for 2018 version. kindly click on Outlook Web Access to update the new version. IT Help-desk/support Desk © Copyright 2018 Microsoft All right Reserved |
| 11/30/2018 | SURVEY-EVALUATION-JOB@TMS.ORG Has Shared Directory - Radford University Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlink. From: SURVEY-EVALUATION-JOB@TMS.ORG [mailto:SURVEY-EVALUATION-JOB@TMS[.]ORG] Sent: Friday, November 23, 2018 11:08 PM To: (Redacted) Subject: SURVEY-EVALUATION-JOB@TMS.ORG has shared Directory - Radford University Survey Evaluation Job in your area for $500. click the jotform link below for registration: hxxps[:]//form.myjotform[.]com/83197988260573 Clara Baran Directory - Radford University hxxps[:]//www.radford[.]edu/content/radfordcore/home/directory[.]html#xCbEmAoofrES... --- SURVEY-EVALUATION-JOB@TMS[.]ORG shared this using Po.st |
| 11/05/2018 | Billing Problem (Apple ID) Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: AppIe Date: Friday, November 2, 2018 at 6:11 PM To: REDACTED Subject: BiIIing ProbIem [IMAGE] Important, Please Check Your Apple account! Hi Customer, Recently, we have detected suspicious behaviour regarding your account activity. For your security, we have restricted access to your Apple account, you can release those limitations by completing a simple verification form available on the button bellow . Confirm Now Thanks for according us your time, please note that your security is our priority . Feel Free to contact us this eMail is secured by us |
| 10/04/2018 | RE: Support Desk Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL From: REDACTED Date: October 1, 2018 at 1:24:27 PM PDT To: REDACTED Subject: RE: Support Desk Important Notice from IT Help Desk Team, we are updating all Faculty/Staff and Employees mailbox to new Outlook Web App/Owa for 2018 version. kindly click on Outlook Web Access to update the new version. IT Help-desk/ (c) Copyright 2018 Microsoft All right Reserved |
| 10/04/2018 | ITHelp Desk Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL From: FOfei@gldd.com Sent: Wednesday, October 03, 2018 12:24 PM Subject: ITHelp Desk Dear User, This is to notify you that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below: Validate Email Account Sincerely, IT Help Desk Office of Information Technology. |
| 10/04/2018 | Payment Successful Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Apple I D [mailto:payment@dcf.it] Sent: Tuesday, October 02, 2018 4:37 AM To: Subject: Payment Successful Paid APPLE ID CORPORATE ADDRESS One Apple Park Way Cupertino, CA 95014 USA DATE Tuesday, October 2, 2018 ORDER ID MQKE09292G DOCUMENT NO. 160928459294 |
| 10/03/2018 | Email Policy Updates Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL From: [redacted]@comcast.net Sent: Sunday, September 30, 2018 9:05 AM To: [redacted] Subject: Email Policy Updates Sensitivity: Confidential You will just be required to click the link below and enter your e-mail and password as presented below. Click here to proceed. Sign in below using your username and password (Students, Associates and Staff - your University email address is your username) Email Address Password Sign in |
| 10/03/2018 | Your Mailbox De-activation Notice Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL From: "support.ucla.edu" Date: Wednesday, August 15, 2018 at 4:53 PM To: REDACTED Subject: Your Mailbox De-activation Notice Dear < REDACTED> , We're no longer able to verify your identity, and we strongly encourage you to verify it. Verify Mailbox Here > You stand the chance of losing your account if you are not below validation. Thank you |
| 09/20/2018 | Unauthorized Failed Access Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT From: Bank of America [REDACTED] Sent: Wednesday, September 19, 2018 11:21 PM To: < REDACTED> Subject: Unauthorized failed Access Dear, To read your Message Notification, Click Here Thank you, |
