During the past several months, the Information Security Office has been working diligently in order to investigate and continuously defend UCR against a Business Email Compromise (BEC) attack campaign that primarily targeted UCR employees. However, it appears the BEC attacks have very recently taken a new form and are now targeting UCR students.
A BEC attack is a type of email scam in which the attacker will impersonate the identity of an employee or faculty member. Using social engineering tactics, the attacker will try to trick their targeted victims into sending money or sensitive information through email. For example, these fraudulent emails may ask to send gift card codes, bank account numbers, social security numbers, addresses, birthdays, research data, etc.
In this recent campaign that is targeting students, the attackers will impersonate UCR faculty and lecturers. Using Gmail accounts, they will then email students in order to persuade them into sending gift card codes.
Within the past year, the Information Technology Solutions office has published a separate article in regards to the BEC attacks that were previously targeting UCR staff and faculty. You can visit the ITS blog post article here: https://its.ucr.edu/blog/2019/05/21/watch-out-business-email-compromise-scams
As a reminder, here are some tips to prevent yourself from falling victim to BEC attacks:
In general, ITS advises all UCR faculty to be wary of any suspicious emails and to always think twice before responding to any email. Please report any suspicious emails to abuse@ucr.edu.
If you are a victim of a BEC attack and lost money or sent personal information to the attacker, you should file a report with the UCPD. In the event you sent personal identifiable information, it is a common practice to put a Credit Lock on your credit reports with three major credit bureaus (Equifax, Experian, and Transunion) to mitigate identity theft.
ITS would like to thank you for your deliberate efforts in keeping the campus secure.