Skip to Main Content

Phishing & Scams: Don’t Take the Bait

code on computer screen

Phishing is the #1 cyber risk for UCLA students, faculty, and staff. Attackers disguise themselves as trusted contacts—professors, campus departments, banks, or even job recruiters—to trick you into clicking links, downloading malware, or sharing sensitive information.

Phishing attempts often arrive by email but can also come through text messages (“smishing”), phone calls (“vishing”), or even direct messages on social media.

Common Red Flags

  • Urgent subject lines: “Your account will be locked unless you act now.”
  • Suspicious senders: Look closely—does “ucla-it.com” instead of “ucla.edu” appear?
  • Unexpected attachments or links: Hover to preview the real URL.
  • Too-good-to-be-true offers: Fake jobs, scholarships, or quick-cash opportunities.

How to Protect Yourself

  • Never share your UCLA Logon ID or password by email. UCLA IT will never ask for it.
  • Don’t click links in suspicious messages; navigate to sites directly instead.
  • Verify job postings with UCLA Career Center before applying.
  • If something feels “off,” trust your instincts—report the message.

Report It

Forward suspicious emails to UCLA IT Security at security@ucla.edu. Quick reporting helps protect you and the entire campus.

Tags
Security Best Practices