Beware of Scams

Para ver la informacion de esta pagina en Español seleciona Español en el menú debajo.

phishing

Don't be fooled by scams!

Criminals and hackers are constantly coming up with new schemes designed to compromise computers, steal passwords, trick you into revealing valuable information (personal, financial, etc.), or trick you out of money.

Scams can lead to identity theft, regular theft, access to your accounts and personal information, and compromised computers.

A compromised computer can put ALL of your information and passwords at risk


The practice of trying to trick or manipulate people into breaking normal security procedures is called “Social Engineering”. The principle behind social engineering and scams in general is that people are the weak link in security – that it can be easier to trick people than to hack into computing systems by force. 

Social engineers exploit people’s natural tendency to want to trust and be helpful. They also take advantage of our tendency to act quickly when faced with a crisis. The scams described on this page are all classic examples of social engineering.


  • Phishing is a scam designed to steal information or passwords, compromise computers or trick you out of money - typically via deceptive emails, texts, posts on social networking sites, pop-ups or phone calls. For more information on what to watch-out for go to Avoiding Phishing Emails.
  • Hover over any links to see specifically where you are being directed.  If it's not legit, don't click.
  • Some examples include:
    • “There’s a problem with your account” – trying to trick you into sending your password or clicking on a link in order to fix a problem.
    • Phony security alerts – email, pop-ups or Facebook notices warning that your computer is at risk of being infected, typically with a link to click.
    • Phony computer support
    • Money Phishing – trying to trick you out of money or bank/credit card account info. Often by pretending to be someone from another country who needs assistance accessing a large sum of money. Or a friend stuck in another country without any money. Or an IRS agent claiming that you owe taxes and must pay immediately over the phone.

If you think you have discovered a Phishing scam, report it to Google. Train your spam filter:

  • Open the message in Gmail (in your web browser)
  • Click the three vertical dots ' ⋮ ' next to reply
  • Choose 'Report phishing'

If you receive a threatening phishing email report it to the Police Department.

Delete spam and suspicious emails; don't open, forward, or reply to them. They are in your spam folder for a reason.


Attackers pose as someone in authority, or an IT representative, in order to obtain information or direct access to systems. Attackers may research the target so they know enough to convince you to trust them or they will bet on your want to please someone like your boss to complete their task. Check the email address that the message came from. Often the signature will match the display name, but the email address will not match that of the supposed senders.


Survey Scams: Be cautious about the legitimacy of the form. Were you expecting a survey? Do you know the company or topic it is asking about? Is it asking for personal information?

Ransomware: Scams that lock your computer and you have to pay money to get it unlocked. This is also a double-whammy because you also give the attacker your credit card information.

Fake Invoices: Attachments that look like invoices but are really scams.


Make sure your computer is protected with anti-virus and all necessary security "patches" and updates, and that you know what you need to do, if anything, to keep them current. For more information on how to stay secure on your devices visit How to Stay Secure.

  • Don't open files, click links, or call numbers in unsolicited emails, text messages, IMs, Facebook postings, tweets, etc.
    • Instead of clicking on a link, look up the website yourself by a method you know to be legitimate.
    • If you can't verify something is legitimate, ignore or delete it.
  • Don’t click on links in pop-up ads/windows; Trust your web browser’s pop-up blocker, if it has one.

Key indicators:

    • You are being asked for personal or private information, your password, financial account information, address, date of birth, Social Security Number, address or money, even in the form of gift-cards or blank checks.
    • Scare tactics or threats stressing that if you don't act quickly something bad will happen
    • Promises of something too good to be true. This includes bargains and “great offers,” or links to claim an award/reward.
    • Other indicators that an email isn’t legitimate:
      • It’s not addressed to you, specifically, by name.
      • The sender isn’t specified, isn’t someone you know, or doesn’t match the “from” address. 
      • It has spelling or grammatical errors.
      • It includes links to pictures or videos from people you don’t personally know

If you find yourself among the millions of people who have responded to phishing and have exposed their personal information, you should perform the following:

  • If the phishing message was directed to your UCSC email account, report the incident to ITS Information Security through the UCSC ITS Support Center at extension 9-4357 or help@ucsc.edu.
  • If you believe you have been a victim of fraud or identity theft, immediately notify your local police jurisdiction and cease all contact with the suspect organization. You can also contact the UC Santa Cruz Police Department Dispatch Center to speak with an officer at 831-459-2231 (option 1).
  • Reset any passwords that you may have exposed. If you use the same password across multiple sites, you need to reset them all. Remember to use a different password for each site into which you enter private, sensitive data so a compromise of one system does not turn into a compromise of many.
  • If the information you provided can be used to access any other institution, contact the customer service center of each affected institution.
  • If you exposed any financial account information, such as your credit card or bank account number, report the incident to the financial institutions involved.
  • If any piece of information was exposed that could be used to open financial accounts (e.g., your Social Security Number, date of birth, place of birth, mother's maiden name, bank account numbers, credit card numbers), contact any of the three major credit bureaus and ask them to lock your credit record and sign up for their credit monitoring service, a fee-based service that will automatically notify you whenever your credit record is accessed. When you lock your credit record, no other organization can check your credit without your permission. Here are the websites for the three major credit bureaus:
  • The web sites of national agencies that deal with Internet fraud provide helpful information about dealing with identity theft issues: