UCLA Information Security Office is aware that members of the UCLA staff and community may receive reply-chain phishing emails.
What Is A Reply-Chain Phishing Email?
A reply-chain is a phish email that makes it appear there is a chain of replies and will likely include replies that attempt to make it appear they are from other UCLA staff. The email arrives with what seems to be a chain of messages between a vendor and UCLA staff members, and it is designed to appear legitimate.
One of the most common uses of this type of phish is to attempt to get the recipient to pay an invoice to the attacker, by making it look like it was previously sent to other UCLA staff members and approved for payment throughout the email chain. The chain may show the staff member's actual email or different addresses such as with @gmail.com.
Example Reply-Chain:
From: Collins James <antziletosa@kotsovolos.gr>
Sent: Wednesday, March 19, 2025 2:58 PM
To: UCLA Email <User@ucla.edu>
Subject: INV Submission for UCLA International Institute - Executive Advisory Membership
Hello,
As requested please find the attached past-due Invoice for Business coaching and Development + VIP membership.
Please refer to the email conversation below for further details. We respectfully ask for payment to be released this week as the invoice is overdue.
Regards,
Collins James
Billing Assistant | Baker McKenzie LLP
26005 Windsong, Lake Forest, CA 92630
receivable@uymail.com
From: UCLA Email <User@ucla.edu>
Sent: Thursday, June 13, 2024 04:17 PM
To: Collins James <receivable@uymail.com>
Subject: Re: Re : CEO/Executive Advisory Membership Service INV - Climb to a better Team
Hi Collins,
Yes, I did receive your invoice mail but assumed you also sent a copy to our AP as I specified during the initial setup and registration. Could you please confirm if this was done? If not, please send a copy to our Accounting department.
We apologize for any inconvenience this may have caused and will ensure the payment is processed promptly once we receive confirmation.
Thank you for your understanding and cooperation.
From: Collins James <receivable@uymail.com>
Sent: Thursday, June 13, 2024 03:15 PM
To: UCLA Email <User@ucla.edu>
Subject: RE: CEO/Executive Advisory Membership Service INV - Climb to a better Team
Hello,
I hope this message finds you well.
I am writing to follow up on the invoice (Invoice Number: INV1108360) that was issued to you on 01-22-2025 and due upon receipt. As of today, we have not yet received payment for the amount of 57,500.00 USD.
We understand that sometimes payments can be delayed due to unforeseen circumstances. However, to ensure that you continue to enjoy uninterrupted access to all the exclusive benefits of the McKenzie Advisory VIP Club, we kindly request that you settle the outstanding amount at your earliest convenience.
Thanks for your prompt attention to this matter.
Regards,
Collins James
Billing Assistant | Baker McKenzie LLP
26005 Windsong, Lake Forest, CA 92630
receivable@uymail.com
From: Invoices <receivable@uymail.com>
Sent: Wednesday, January 22, 2025 11:41 AM
To: UCLA Email <User@ucla.edu>
Subject: CEO/Executive Advisory Membership Service INV - Climb to a better Team
We're thrilled to extend a warm welcome to you as a member of the McKenzie Advisory VIP Club. A distinguished community comprising executives of your Caliber.
As a participant in the McKenzie Advisory VIP Club, here's what's in store for you:
Personal VIP Relationship Manager, First Glimpse at New Products, Invitations to Exclusive Events, Surprises & Rewards, Priority Live Chat Support.
Please find attached your invoice for payment and see invoice summary below:
Invoice Summary:
· Invoice Number: INV1108360
· Date Issued: 01-22-2025
· Due Date: Upon Receipt
· Amount: 57,500.00 USD
Further Action Required:
To avoid any disruption in our services, we urge you to settle your payment by the due date. Doing so will ensure your continued access to our comprehensive services aimed at propelling your business forward:
We value your participation in our entrepreneurial community and are committed to supporting your business endeavors. Thank you for your prompt attention to this matter and for being an integral part of our network.
Please Note: This message is automatically generated and sent for notification purposes only. Replies to this email cannot be monitored or answered. For all inquiries or support needs, please contact Collins James directly.
Confidentiality Notice: This communication, including any attachments, contains confidential information intended only for the recipient(s). Unauthorized use, disclosure, or copying of this information is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and delete all copies of this message.
Stay safe!
When in doubt, look for these signs, and use your best judgement. Verify the email and invoice by contacting the staff member directly. Don’t use the number or email address from the email. Use the Campus Directory to reach out to the staff member: https://directory.ucla.edu/
Report Scams
If you receive a suspicious email, do not click on any links, open any attachments, send payment, or supply any credentials. Please do not reply to the email and immediately contact security[@]ucla.edu and report it to your IT team.
