Overview
Phishing is a type of cybercrime whereby fake emails, text, or social media posts/messages are used to lure individuals into providing sensitive information. Cyber criminals pose as legitimate senders and trick you into clicking on a malicious file or link. This then opens doors for them to steal your passwords, sensitive data, credit card details, and ultimately even your identity.
The OCISO advises faculty, staff, and students to be vigilant when opening emails from unknown, suspicious, or unexpected senders. Some of these messages can contain malicious content in the form of infected file attachments or carefully crafted social engineering campaigns.
Report phishing emails by forwarding them to us (it@arts.ucla.edu) and the UCLA Information Security Office (security@ucla.edu) with a subject line identifying the message as a phishing report.
Here are a few quicks steps you can take to avoid falling to phishing attacks:
- Are there any typos, special characters, or excessive numbers in the sender's address?
- If so, be extra cautious of a scam and look for other tell-tale phishing signs.
- Check the sender’s e-mail address or hover your mouse over the name to reveal the email address to make sure it’s legitimate. If it appears that your institution’s help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk @ yahoo.com,” then it’s a phishing message.
- If you don’t recognize the sender, be suspicious.
- Is the email subject line designed to provoke fear or pique curiosity?
- Phishing emails often revolve around rewarding a "won prize" or threatening the recipient. The hacker wants to excite or scare the recipient into taking action by clicking the given links.
- Is the salutation vague?
- Salutations such as "Dear client" or "Hello customer" are clear signs of scams. A real company contacting a customer with a legitimate email would address them by their first name.
- Are there spelling or grammatical errors in the body?
- Phishing emails often include grammatical and spelling errors.
- Don’t Open Links and Attachments From Unknown Senders.
Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
- Consider the context and timing surrounding the content.
- Hackers often send phishing emails asking for relief donations in the wake of natural disasters, preying on your empathy to click the link and "support.”
- When You’re Unsure, Call to Verify.
- If you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the president of your college or university requesting that you perform an action such as transfer funds or provide sensitive information, call the number listed in the Campus Directory (not the number in the email) to verify legitimacy of the request.
- Don’t Talk to Strangers!
- If you receive a call from a stranger asking you to provide information or making odd requests? Hang up the phone and report it to the help desk.
The Office of the Chief Information Security Officer has an extensive library about cyber security, what to look out for, and what to do if you receive such emails.
Check it out here: https://ociso.ucla.edu/phishing-scams
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article