Phish Bowl
The UCLA Information Security Office advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or attempts to steal personal information through carefully crafted social engineering campaigns.
These emails, collectively called "phishing emails," or "phishing scams," are designed to trick campus users into providing their passwords and other identifying information to attackers. They can also be designed to extort money or trick users into navigating to fake login pages, which can sometimes mimic the look of well-known logon screens, like the UCLA Logon page.
If you find the suspicious email you received already recorded in the phish bowl, please mark the email as spam, and you're done. If it's not noted in the phish bowl, please mark it as phishing (instructions below) and forward it to Information Security Team. It will be added so others are aware of it.
If you have responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the IT Support Center or your local departmental IT unit and reset your account password to prevent scammers from using your account.
How to Report a Phishing Scam
The UCLA Information Security Office requests that campus users report phishing messages to our team so that we can proactively alert campus users and bring awareness to widespread phishing campaigns. In order for the Information Security Office to take action in response to a reported phishing message, please follow these steps:
- Please follow instructions on How to Report a Phishing Scam
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
It is important to be aware of fraudulent phishing schemes. Check back here as we update the list below with known phishing attempts.
| Date | Title | Description |
|---|---|---|
| Notification: 6 messages were not delivered | ||
| Remote Internship | ||
| Reply-Chain Phishing Emails - Re: Re : CEO/Executive Advisory Membership Service INV - Climb to a better Team | ||
| Voicemail Phish - Uclaextension insept - You've received a new voicemail in Microsoft Teams! | ||
| Impersonation Email Campaigns: New customer message | ||
| RESEARCH ASSISTANCE—UCLA! | ||
| Signed Update | ||
| RA NEEDED!!!! | ||
| ivory_cueball shared "STAFF AND STUDENT ACADEMIC ASSESSMENT FOR JANUARY 20251" with you | The following is a phishing email. If you receive this type of email, please do not respond to it or click on any hyperlinks. | |
| Important: Ebola Case Linked to Your Class | The UCLA Information Security Office would like to raise awareness and urge caution about an external website impersonating the legitimate UCLA Single Sign On (SSO) Authentication page to carry out credential harvesting attacks. | |
| CRITICAL: Potential Exposure Incident Identified | The UCLA Information Security Office is aware of a phishing campaign attempting to coerce recipients into entering their UCLA Login and MFA credentials onto a fake UCLA Login webpage. This is not a legitimate e-mail and recipients should not provide any information or click any links associated with the phishing e-mail. | |
| Fake - UCLA Postings: Freelance Opportunity with $500 Weekly Pay | UCLA Information Security Office is aware of UCLA students being targeted by fake job and internship scams. Please be mindful of phishing emails that may be disguised as a job opportunity. Example Email:--------------- Join Direct Relief's Emergency Engagement Team! We're expanding our mission nationwide and seeking dedicated individuals to join us. |
|
| UC Mail confirmation | The UCLA Information Security Office is aware of a phishing campaign attempting to coerce recipients into entering their credentials onto a fake UCLA 2FA credentials webpage. This is not a legitimate e-mail and recipients should not provide any information or click any links associated with the phishing e-mail. | |
| Piano Gift You will Love To Have | The UCLA Information Security Office is aware of a phishing campaign attempting to coerce recipients into receiving a piano. This is not a legitimate e-mail and recipients should not provide any information or reply back to the sender. These phishing e-mails may include messages the below: From: Subject: --- Piano Gift You will Love To Have --- | |
| Fake Job Posting - UCLA Department of Information Studies | UCLA Information Security Office is aware of UCLA students being targeted by fake job/internship scams. Be mindful of phishing emails that may be disguised as a job opportunity. |
