The UC Santa Cruz community is currently facing a significant increase in email impersonation scams targeting staff, faculty, and students. These scams, which involve attackers posing as trusted individuals or organizations, are designed to steal sensitive information, financial data, or even money. The rise in these fraudulent activities has prompted the university's Information Technology Services (ITS) to issue a warning and provide guidelines on how to recognize and avoid falling victim to these scams.
What are email impersonation scams?
Email impersonation scams are a type of phishing attack where the attacker sends emails that appear to come from a legitimate source, such as a university official, a colleague, or a well-known company. The goal is to trick the recipient into taking actions that compromise their personal information or the university's security.
Recent incidents at UCSC
UCSC has seen a variety of impersonation scams targeting its community. Some recent examples include:
- Fake job offers. Emails offering fake job opportunities that request personal information from students.
- Bogus research positions. Offers for remote research positions that ask for sensitive data under the guise of employment processing.
- Unexpected document services. Unexpected emails from DocuSign and Google Documents that contain little information or you don’t know about.
- Phony account suspensions. Messages claiming that the recipient's UCSC email account will be suspended unless they verify their credentials.
How to recognize and avoid scams
Here are several tips to help you recognize and avoid email impersonation scams:
- Verify the sender's email address. Always check the sender's email address carefully. Scammers often use addresses that are similar to legitimate ones but with slight alterations. If it's not coming from @ucsc.edu, it's most likely a scam.
- Look for red flags. Be cautious of emails that contain urgent requests, demand confidentiality, or ask for sensitive information.
- Contact the supposed sender. If you receive a suspicious email, contact the sender directly using a known phone number or email address found on the UCSC Campus Directory to verify the request.
- Avoid clicking links. Do not click on links or download attachments from unknown or unexpected emails.
- Report suspicious emails. Forward any suspicious emails to phishing@ucsc.edu and report them as phishing to Google.
What to do if you fall victim
If you provided personal information, such as your UCSC credentials, in response to a phishing email or on a suspicious webpage, your account may be compromised. If you believe you have responded to a phishing scam, it is crucial to act quickly:
- Follow the instructions at What to Do if Your Email Account is Compromised.
- Change your passwords. Immediately change your UCSC passwords and any other accounts that may use the same credentials.
- Report the incident. Notify the ITS Information Security through the Security Incident Report Form and contact the UCSC Police Department if you believe you have been a victim of fraud or identity theft.
- Monitor your accounts. Keep a close eye on your financial accounts for any unauthorized transactions and consider locking your credit records to prevent new accounts from being opened in your name.
- Carefully review your personal accounts that became vulnerable as a result of responding to the email.
Stay safe and always verify before you trust
The rise in email impersonation scams at UCSC is a serious concern, but by staying vigilant and following the provided guidelines, the university community can protect itself from these malicious attacks. For more information on how to protect yourself from scams, visit ITS Information Security website and stay updated on the latest phishing attempts through the Phish Bowl.
Get help
- If you need assistance, contact the ITS Support Center
