Identify Phishing Scams

Last updated April 12, 2013 11:59:25 AM PDT

Give more feedback

Phishing (pronounced “fishing’) is an email scam designed to acquire sensitive information from the target (you). The most successful phishing emails are designed to look like the email comes from a reputable source.

Many such emails that look as if they come from a UC San Diego source. Some of these are legitimate, some may not be.

Warning: IRS Phishing

Some UCSD faculty and staff are currently receiving e-mails claiming to be from the IRS stating that there was an error on your return and you need to fill out an online form to collect your refund. The IRS does not do business this way and will never send unsolicited e-mail asking for personal or financial information. If you receive one of these e-mails:

Do not reply
Do not open any attachments
Do not click on any links
Forward the message to abuse@ucsd.edu

Expand all

How can I tell if an email is fraudulent?

UC San Diego will never ask for any of the following information:

Verify your account information or ask for your password
Confirm your address
Confirm personal information (except UCSD affiliation) such as age, social security number, or home address.

The signature of the email will always include a legitimate UC San Diego department name. However, this alone should not be used to determine if an email from UCSD.

If you still suspect the message, you may check the campus archive here to see the recent official messages sent by UC San Diego and see if the message you received is listed. If the message is listed here, you can be assured it is a valid email.

Here is the recent official password change notice from UC San Diego.

How can I tell if a website link within an email is fraudulent?

Commonly, phishers put a link in their emails that looks valid but actually goes to a fake or copycat site. By hovering your mouse over the link in the email (but not actually clicking on the link), you can see the true address of the link as seen here:

Example of a Fake Phishing Link

How did phishers get my email?

As with spam, your email address may have been obtained from a compromised computer, an online directory, a publication, etc.

What do I do if I get a suspicious email?

Don't follow links to a webpage. Instead, check the company's website by typing the URL in your browser or call the company directly.
Don't fill out any e-mailed forms that ask for personal or financial information.
Delete the message.

Resources:

Anti-Phishing Working Group
Identity Theft Victims Guide, by the Privacy Rights Clearing House and CALPIRG
MillerSmilesCo.UK, archive of spoof e-mail and phishing scams
800 Notes: Verify a phone number that called you or see common phone scams.

How can I report a fraudulent email?

ACT continuously monitors for phishing emails and takes action whenever the message source can be reliably determined. Unfortunately, it is not possible to completely eliminate phishing scams, as the attacks are coming from so many different sources.

If you believe you have a phishing email, you can report it to abuse@ucsd.edu

Expand all

For more information, contact Administrative Computing & Telecommunications.

Technology

Security

Departments

ACT (Administrative Computing and Telecommunications)