Phishing is an attempt by a criminal attacker, usually through email, to illegally gain access to your computer to acquire sensitive.
An attacker may send you an email, posing as your IT Administrator requesting you to take action and click on a “secure” link, open an attachment or log into a website. When you click on the attacker’s malicious link or open a malicious attachment, your computer is infected with malicious software called malware. The malware gives the attacker access into your computer where the attacker can read your email, access files on your hard drive and the network, and attack other users or systems on the network — all from your computer! Once the attackers have gathered up all of your stolen data they upload it from your computer and out to the Internet.
If you click on a malicious link or open a malicious attachment, it could corrupt all the files on your machine, give the attackers access to UCLA’s network and servers, and lead to reputational damage and significant money loss.
Phishers know that they can manipulate people by stirring up their emotions. Common approaches are to play on fear, empathy, urgency, or even greed.
Recognize the Signs
- Verify the Sender. Check the sender’s e-mail address or hover your mouse over the name to reveal the email address to make sure it’s legitimate. If it appears that your institution’s help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk @ yahoo.com,” then it’s a phishing message. If you don’t recognize the sender, be suspicious.
- Obvious Misspellings and Grammatical Errors. If the message contains obvious typed errors, bad /incorrect grammar and word choices, beware.
- Don’t Open Links and Attachments from Unknown Senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
- When You’re Unsure, Call to Verify. If you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the president of your college or university requesting that you perform an action such as transfer funds or provide sensitive information, call the number listed in the Campus Directory (not the number in the email) to verify legitimacy of the request.
- Don’t Talk to Strangers! If you receive a call from a stranger asking you to provide information or making odd requests? Hang up the phone and report it to the help desk.
Criminals can also try to engage you through text phishing messages called Smishing. Through Smishing attacks, scammers reach out by text to try to manipulate you into sharing personal information or deceive you to unknowingly download malware onto your phone or device. Be alert and remember that scammers are very successful in smishing, because users tend to trust text messages.
If you receive a text that seems to be from a credible source, such as a health care provider regarding an annual checkup appointment with a link or number baiting you to click or call, do not click on the unknown link. It may be a smishing attack. Be alert and remember that scammers are very successful in smishing, because users tend to trust text messages.
Tip: Do not respond to suspicious message requests even when they ask that you “text STOP” to no longer receive them.
What to Do If You Have Been Phished
- Change your password immediately.
- If you have reset questions and answers, change them.
- Report the phishing email to your local IT Administrator and to the Information Security Office.
- If you are unsure that you have been phished, but believe an email might be malicious, report it to the Information Security Office to investigate by sending an email to email@example.com.
UCLA Phishing Awareness
To see updated alerts on phishing attempts across campus visit our phishing alert page.