Email
Access mail@ucsf
VPN
HelpWARNING: SCAM EMAILS CIRCULATING AT UCSF
OAAIS Enterprise Information Security has received several reports of UCSF email users falling victim to various email Phishing scams.
WHAT IS PHISHING?
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, other account data and passwords, or other sensitive information.
Often phishing scams use social engineering techniques by placing links in e-mail messages, on Web sites, or in instant messages that seem to come from a service that you trust, like your email/internet service provider, bank, credit card company, or social networking site.
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
-
"Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
OAAIS does not send out messages of this nature and will NEVER request that you provide your account ID or password.
-
"You have won the lottery."
The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part.
-
"If you don't respond within 48 hours, your account will be
closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.
Important things to remember so that you avoid being a victim:
- Do not respond to email solicitations for this information. This includes following links sent in email.
- Don't send sensitive information over the Internet before checking a web site's security.
- Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information.
- Install and maintain anti-virus software and firewalls.
Sophos anti-virus software and Sygate Firewall is available at no cost to all UCSF users and affiliates at (http://oaais.ucsf.edu/OAAIS/Services_Overview/7-DSY.html). To ensure that only UCSF affiliates access this software, you will be required to enter your UCSF Employee ID and last 4 digits of your social security number.
What do you do if you think you are a victim?
- If you believe you might have revealed sensitive information about your self or the organization, report it to your respective IT support organization. If you are unsure who to contact, feel free to contact OAAIS Customer Support at 514-4100, option 2.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
ADDITIONAL RESOURCES:
If you have questions about any of the information provided above, you may send email inquiries to security@ucsf.edu.
Teresa A. Regalia, GCIH
UCSF Enterprise Information Security
Telephone: 415-502-1567
Teresa.Regalia@ucsf.edu
OAAIS Customer Support Service Desk
7 a.m. - 6 p.m., Mon – Fri
(415) 514-4100, Option 2
CustomerSupport@ucsf.edu
http://help.ucsf.edu