UC San Diego SearchMenu

Identify Phishing Scams

Phishing (pronounced “fishing’) is an email scam designed to acquire sensitive information from the target (you). The most successful phishing emails are designed to look like the email comes from a reputable source.

Many such emails that look as if they come from a UC San Diego source. Some of these are legitimate, some may not be.

Recent phishing scam

The data storage company Seagate was recently tricked by an email request that appeared to be coming from a trusted inside source. An employee who received the email replied, attaching W-2 information belonging to several thousand employees for someone who was “phishing” for information.

Keep information safe at UC San Diego:  

  • Call the individual or office sending the email to confirm that it is a real request.
  • Work with your IT department representative to ensure secure information delivery. 
  • Report phishing attempts and false senders to abuse@ucsd.edu.

Expand all

How can I tell if an email is fraudulent?

UC San Diego will never ask for any of the following information:

  • Verify your account information or ask for your password
  • Confirm your address
  • Confirm personal information (except UC San Diego affiliation) such as age, social security number, or home address.

The signature of the email will always include a legitimate UC San Diego department name. However, this alone should not be used to determine if an email from UC San Diego.

If you still suspect the message, you may check the campus archive here to see the recent official messages sent by UC San Diego and see if the message you received is listed. If the message is listed here, you can be assured it is a valid email.

Here is the recent official password change notice from UC San Diego.

How can I tell if a website link within an email is fraudulent?

Commonly, phishers put a link in their emails that looks valid but actually goes to a fake or copycat site. By hovering your mouse over the link in the email (but not actually clicking on the link).

How did phishers get my email?

As with spam, your email address may have been obtained from a compromised computer, an online directory, a publication, etc.

What do I do if I get a suspicious email?

Don't follow links to a webpage. Instead, check the company's website by typing the URL in your browser or call the company directly.
Don't fill out any emailed forms that ask for personal or financial information.
Delete the message.


How can I report a fraudulent email?

IT Services continuously monitors for phishing emails and takes action whenever the message source can be reliably determined. Unfortunately, it is not possible to completely eliminate phishing scams, as the attacks are coming from so many different sources.

If you believe you have a phishing email, report it to abuse@ucsd.edu.

Expand all

Note: this page has a friendly link that is easy to remember: http://blink.ucsd.edu/go/phish.