Phish Bowl
The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.
These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.
If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to the Information Security Team. It will be added so others are aware of it.
If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center or your local departmental IT unit and reset your account password to prevent scammers from using your account.
How to Report a Phishing Scam
The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:
- Please follow the instructions on How to Report a Phishing Scam.
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.
Date | Title | Description |
---|---|---|
Unauthorized Failed Access Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT From: Bank of America [REDACTED] Sent: Wednesday, September 19, 2018 11:21 PM To: < REDACTED> Subject: Unauthorized failed Access Dear, To read your Message Notification, Click Here Thank you, | |
FSA Phishing - Malicious Campaign Alert | Please exercise caution for all FSA emails you might receive. The Department of Education has issued a warning to all students and institutions of higher education, “Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.” Multiple institutions of higher education have reported that attackers are using a phishing email to obtain access to student accounts via their student portal (see example phishing email below). For more information regarding this phishing attack, please see the formal notice. | |
Part-time Job Opportunity (Multiple Scam Variants) | Please see the examples below for the different forms of the PART-TIME JOB OPPORTUNITY sample phishing emails that have been reported. If you receive this, please do not respond to it and do not click on any hyperlink. | |
Attention UCLA User Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: UCLA WEBMASTER [REDACTED] Sent: Monday, September 10, 2018 6:48 AM To: Recipients Subject: Attn: Attention UCLA user, This is an automated message from our servers; If this message appears, the mail address is queued for deactivation. This is due to the recent attack of Trojan.Flame.A. virus in our servers. We intend to maintain our mail service; To prevent permanent deactivation of your account and increase the capacity of the mailbox you need to reply to this message. Enter the required information on the within the next 6 hours... | |
Google Accounts - Your Account Will Be Deactivated Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlink. TEXT OF PHISHING EMAIL From: The Google Accounts Date: September 11, 2018 at 11:28:47 PM CDT To: Subject: Your account will be deactivated Reply-To: This is to inform you that your request on: 10/09/2018 2:37:40 p.m. to remove your account from gmail.com server has been approved and will initiate in one hour from the exact time you open this message. Regards. ignore this message to continue with email removal or If this deactivation was not requested by you Please reply us. Regards, Google NOTE: If You Receive This Message In Your Junk or Spam Its Due to Your Internet Provider | |
Fall Employment: College/University Job Opportunity Phish | Below is a sample phishing email that was recently sent out. If you received this, please do not respond to it and do not click on any hyperlinks. Received: July 27, 2018 2:17 AM Subject: Fall Employment: College/University Job Opportunity Fixed-Term (Part-Time) Faculty Positions From: Dr Peter Clarkson To: [REDACTED] See Attachment Attachment Name: COLLEGE EMPLOYMENT.txt Attachment Text: Good Day, I am Dr. Peter Clarkson, I work as a Physician Assistant for the department of Children Center for Disability Services (CCDS). I provide individual and group therapy, coaching, assessment and academic screenings to support students with disabilities (physical, chronic, psychiatric, and invisible)registered with UNICEF... | |
UCLA Part Time Job Offer Phish | Below is a sample phishing email that was recently sent out. If you received this, please do not respond to it and do not click on any hyperlinks. From: joseph hunter Subject: UCLA PART TIME JOB OFFER Date: June 27, 2017 at 3:40:09 PM PDT Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company (B&H Beverages) is currently running a student empowerment programme. This programme is to help loyal and hardworking students like you secure a part time work from home job which does not deter you from doing any other, you just need a few hours to do this weekly and with an attractive weekly salary. KINDLY EMAIL BACK WITH YOUR ALTERNATE EMAIL IF INTERESTED IN THIS JOB POSITION. Kind Regards, John Brown, HR Manager B&H Beverages Inc.® | |
Microsoft New or Modified User Account Phish | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Microsoft account team [email address redacted] Subject: New or modified user account information Date: April 18, 2018 at 7:18 AM To: Recipients [email address redacted] Attention: A user account was created or modified. Retrieve your user's temporary password. \| View this email in your browser. A user account has been created or modified. You can now distribute this information to your user. The following contains temporary passwords for newly created or modified user accounts. User Name: [redacted] Temporary Password: [redacted] Temporary passwords are valid for 90 days If this was you, then you can safely ignore this email. Don't recognize the above activity? then your account could be at risk. We strongly recommend you to use the verification link to help us keep your account safe. Let's verify your account To opt out or change where you receive security notifications, click here. Sincerely, The Microsoft Office 365 Team | |
"Redacted" Phishing Email | Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Marjorie Sent: Friday, December 01, 2017 8:35 AM Subject: Re [redacted] (Image inserted in the email’s body. Do NOT open the password protected attachment.) Hello, Your Visa card ending in XXXX will be charged $3187.25 shortly. Take a look at attachment for details. Password is . Thank you. | |
New File Phish | Below is a sample phishing email that was recently sent out. If you received this, please do not respond to it and do not click on any hyperlinks. From: Glenda Lagasse Sent: Monday, July 24, 2017 7:31 AM Subject: You have a New File Importance: High Greetings, You have a message from the Human Resources Department. [URL redacted] to view your message | |
Your Home Address Has Been Changed Phish | Below is a sample of a recent phishing email that was sent out. If you received this email, please do not respond to it and do not click on any hyperlinks. From: UC Customer Service Center [mailto::chr@@@chr.ucla.edu] Sent: Tuesday, July 25, 2017 10:07 AM Subject: Your Home Address Has Been Changed -- This message contains blocked images. Show Images Change this setting On July 25, 2017, Our records indicate that you have changed your home address in your ucla.edu account from an unrecognized device in United States... | |
Payroll Schedule Message Phish | Below is a sample phishing email that was recently sent out. If you received this, please do not respond to it and do not click on any hyperlinks. UCLA Support. Today, 1:28 PM;' 2017 payroll schedule calendar is now available. http::://///www .ucla . edu/h/ payr0ll/ 2017 /f0rmspdf University of California \| Team | |
Inquiry From Nigeria Phish | Below is a sample phishing email that was recently sent out. If you received this, please do not respond to it and do not click on any hyperlinks. From: OFFICE@ ASSETS [mailto: jamesgreen. hubert@ gmail. com] Sent: None Subject: Inquiry!" Sir, This request, founded on genuine purpose comes to you from an erstwhile government official in Nigeria, in West Africa. I am a real person seeking a trusted foreigner who is very much willing to work with me on a very discreet deal that would see us raking in the sum of US$57 million within the next 30 days should you believe me, trust me and submit yourself to work conscientiously with me on the proposed plan. Should you want to learn more about the deal, kindly contact me by return email: I will call you by phone after I have received your response with a reliable private telephone number attached. Waiting most hopefully to receive a response from you. Sincerely, Dr. Bello Osagie. | |
Fraud Alert - Student Payments | It has been brought to our attention that a fraud ring is targeting international students by providing an “alternative” payment option. Several individuals working together have approached foreign students in person and via social media, and offered to pay the student’s tuition with their credit card. | |
Ransomware Alert in Southern California | MSIL/Samas.A (Samas) is a new and sophisticated variant of ransomware used in several significant ransomware attacks affecting medium and large‐sized critical infrastructure organizations in Southern California. | |