
Beware of Phishing

Phishing is the practice of attempting to acquire sensitive information from people by masquerading as a trustworthy entity in electronic communications. It is commonly carried out through email and instant messaging. Users are often asked to enter information such as usernames, passwords, bank account and/or credit card numbers, and other private data.

Senders of these fraudulent emails often give plausible-sounding reasons for needing such information from users. One common scenario is a claim that your user account will be deactivated or disabled if you do not send them your login credentials. No matter how trustworthy the requests may sound, reputable websites that require user logins should NEVER request such information from you, especially through email. Disclaimers confirming this can often be found on such websites.


Emails from UCLA

BOL and the UCLA School of Medicine both run email systems providing accounts for students and staff. Neither of them will send out email requesting login information from you. If you receive messages making such requests, the safest thing to do is delete them.


Emails with Website Links

Sometimes, such emails come with links. The links often lead users to fake websites (modeled after real ones) that trick people into entering their information. If you receive such emails, do not click on the links. As a good practice, whenever you arrive at a web page asking you for login information, check the URL of the page and make sure it is legitimate before typing in anything. The news alerts at Bruin OnLine have a good example of a fake website here.
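The URL check described above can also be automated, for example in a helpdesk triage script. The following Python function is an added example, not part of the original page; the trusted-domain list and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the domains you expect to log in on. Replace with your own list.
TRUSTED_DOMAINS = {"ucla.edu"}

def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reasons) for a URL that is asking for login information."""
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit already lowercases it

    if parts.scheme != "https":
        reasons.append("not an https:// address")
    if "@" in parts.netloc:
        # Everything before '@' is a user name, not the site being visited.
        reasons.append("text before '@' disguises the real host")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("internationalized host name (possible look-alike letters)")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # not an IP literal, which is what we expect
    # The trusted domain must be the END of the host name, on a label boundary.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append(f"host {host!r} is not under a trusted domain")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample URLs (example.net and 192.0.2.10 are reserved for documentation).
    samples = [
        "https://www.ucla.edu/login",
        "https://ucla.edu.example.net/login",   # trusted name used as a prefix
        "https://ucla.edu@example.net/login",   # trusted name used as a user name
        "https://www.ucl\u0430.edu/login",      # Cyrillic letter in place of 'a'
        "https://192.0.2.10/login",
        "http://www.ucla.edu/login",
    ]
    for u in samples:
        ok, why = check_login_url(u)
        print("OK  " if ok else "FLAG", u, "; ".join(why))
```

Passing these checks only shows that the address has the expected form; it does not prove the page is genuine.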


Emails with File Attachments

Some emails might come with attachments. If you are unsure of the sender or the contents of an attachment, do not open, save, or run it. It is possible for people to include malicious content in such file attachments that can infect and take over your machine. As a good practice, you should not open email attachments unless you are sure that they are from a legitimate sender and were not sent with ill intent.


How can you tell what is fake?

Although attackers try their best to fool users into thinking that they are legitimate, there are almost always imperfections. If you receive a suspicious message, there are several things that you can look for.

If you receive mail that asks for private information but you are unsure of its authenticity, you can try contacting the entity in question. For example, if you receive something from the BOL helpdesk asking you for information, go to their website, find a legitimate email address, and send an email asking for clarification.


Biomathematics User Accounts

Those who work in or are affiliated with our department, Biomathematics, may have Gonda or Calypso user accounts. Our IT office will never ask you to give us your password, especially not with threats of account deactivation. If you receive something like this, do not reply with your information without first checking with us.


Non-UCLA Email Accounts

Of course, phishing attacks are not limited to UCLA-affiliated email accounts. Any and all email accounts are vulnerable to these types of attacks. We encourage users to exercise the utmost discretion in dealing with all of their email accounts.


Additional Information

More information regarding phishing attacks, including those targeted at UCLA students and staff, can be found at the following links:

Phish/Spam of the Day - daily examples of spam and phishing emails received by UCLA employees as provided by the campus IT Services group
Letter from the Office of Information Technology - a PDF letter from the Associate Vice Chancellor of the OIT
Alerts from Bruin OnLine - you can scroll through all the past news alerts from BOL regarding fake emails/messages
Article on UCLA website - more information about UCLA targeted emails
Wikipedia article on Phishing - learn more about general phishing attacks


If you have any questions about this matter, feel free to contact us via the IT Helpdesk or through email.