Last Updated: August 30, 2016 2:52:37 PM PDT
Find out how recognize a scam email.
Phishing (pronounced “fishing’) is an email scam designed to acquire sensitive information from the target (you). The most successful phishing emails are designed to look like the email comes from a reputable source.
UC San Diego faculty, staff, and students are often the target of attempts to gain login credentials or personal information, also known as phishing. Phishing is the practice of requesting confidential information in an email that looks like it is from an institution such as a university, bank, IRS, USA or other government, law firm, the Post Office, UPS, FedEx, Amazon, eBay, PayPal or any store or social media.
There has been a recent increase in phishing attempts that claim to be from UC San Diego, UCSD IT Services, or a UCSD department. Sometimes the email says that your email account is over quota, that you must click a link to reactivate or update your account, or that you must provide your user information to keep your account active. These are fraudulent attempts to gain access to your credentials or personal information.
- Never share your passwords with anyone
- UCSD, UCSD IT Services, your bank, FedEx, the IRS, your credit card company, etc. will never ask for your password by email, phone, text message, or in person.
- Financial institutions will communicate with you via secure messaging. You may receive an email from a financial institution informing you of this message, but it will never ask for your personal information or password.
- Do not click on any imbedded buttons in a phishing email, especially those that say “unsubscribe” or “remove me from this mailing list.” These links often install malware on your systems.
- Call the individual or office sending the email to confirm that it is a real request.
- Work with your IT department representative to ensure secure information delivery.
- Report phishing attempts and false senders to firstname.lastname@example.org.
If you have any questions about phishing, you can always consult your department systems administrator or IT Services at email@example.com
UC San Diego will never ask for any of the following information:
- Verify your account information or ask for your password
- Confirm your address
- Confirm personal information (except UC San Diego affiliation) such as age, social security number, or home address.
The signature of the email will always include a legitimate UC San Diego department name. However, this alone should not be used to determine if an email from UC San Diego.
If you still suspect the message, you may check the campus archive here to see the recent official messages sent by UC San Diego and see if the message you received is listed. If the message is listed here, you can be assured it is a valid email.
Here is the recent official password change notice from UC San Diego.
Commonly, phishers put a link in their emails that looks valid but actually goes to a fake or copycat site. By hovering your mouse over the link in the email (but not actually clicking on the link) you can see the destination website address (URL).
Don't click on a URL if you:
- Know that the correct web address should be different
- See misspellings in the address
If you are uncertain, don't click the link. You can use a search engine to look for the page and see if the URLs match.
- Don't follow links to a webpage. Instead, check the company's website by typing the URL in your browser or call the company directly.
- Don't fill out any emailed forms that ask for personal or financial information.
- Delete the message.
How did phishers get my email?
As with spam, your email address may have been obtained from a compromised computer, an online directory, a publication, etc.
IT Services continuously monitors for phishing emails and takes action whenever the message source can be reliably determined. Unfortunately, it is not possible to completely eliminate phishing scams, as the attacks are coming from so many different sources.
If you believe you have a phishing email, report it to firstname.lastname@example.org.
Note: this page has a friendly link that is easy to remember: http://blink.ucsd.edu/go/phish.