Information Technology Services

Security Alert: Email phishing targeting UC Santa Cruz

Security alert badge icon

There is an active phishing attack targeting UC Santa Cruz students. Bad actors are attempting to steal financial aid refunds and disbursements by gaining unauthorized access to student accounts. 

Be alert for these tactics

Attackers are sending phishing emails using the following themes, for example:

  • Dropped from class notifications
  • Changes to your class schedule
  • Grade notifications
  • Statement regarding your Student ID

See latest phishing examples

Remember: Do NOT click on links to non-UCSC webpages and forms. Instead, go directly to MyUCSC or Canvas. Please report anything that looks “phishy” immediately by emailing phishing@ucsc.edu.

If you believe you’ve been compromised

  1. Reset your UCSC Gold password using CruzID Manager
  2. Check your information in MyUCSC:
    1. Confirm your mailing addresses (MyUCSC > Personal Information > Addresses).
    2. Confirm your direct deposit information in MyUCSC (MyUCSC > My Account $ > Sign up for Direct Deposit).
  3. If you have questions, contact:
    1. ITS Service Desk: call 831-459-4357 or get a help request started 

Student Business Services: sbs@ucsc.edu

See how the scam works

  1. You receive an email (often using URL shorteners and sites like Weebly.com or tilda.ws)
    A phishing email attempting to get UC Santa Cruz students to hand over their account credentials.
  2. The email directs you to a fake login form (e.g. Google Forms or Microsoft Forms) that asks for personal or login information. 
A form with fields for email, password, phone number, and DOB, with the UC Santa Cruz logo as a header
  1. Then you may receive an SMS text message asking you to approve a Duo prompt.
  2. Once approved, attackers can access your UCSC accounts, including email, MyUCSC, and your direct deposit settings to change your financial information.

How to protect yourself

  • NEVER provide your password through email links or online forms
  • NEVER approve Duo push notifications you didn’t initiate
  • VERIFY any communication about grades, classes, or financial aid by logging directly into official MyUCSC and UCPath portals
  • CHECK your direct deposit information regularly
  • REPORT suspicious emails immediately to phishing@ucsc.edu

Learn more: Cybersecurity for Employees and Cybersecurity for Students

Tech Talk newsletter

Tech Talk

Learn more about the quarterly Tech Talk newsletter, manage your subscription, and propose topics.

Last modified: Jan 08, 2026