REMAIN VIGILANT! Please Be Aware of an Increase in Cyberattacks at UC Riverside

UC Riverside is a prime target of attacks from cybercriminals, including but not limited to phishing, ransomware, and job offer scams. Some of these attacks have already claimed victims at UCR this year. The financial, mental, and emotional toll of cyber crime is immense, which is why ITS wants to remind the Highlander community to follow cybersmart practices and remain vigilant when using technology. Visit its.ucr.edu/iso-alerts for current security alerts. Visit its.ucr.edu/cybersmart for cybersmart tips and resources. 

Breadcrumb

Cybersmart Banner

Do your part - #BeCybersmart!

UCR Information Technology Solutions is committed to protecting you and your data.

We would like to remind you to stay vigilant against potential phishing attacks and other cyber threats.

Security Tips for Keeping Your Data Safe

Want to make sure your data is safe, but don't know where to begin?

This video provides information on some simple steps you can take towards making sure your data is as secure as possible.

Email Phishing

With electronic mail being a mainstay of personal and professional communication, malicious actors often utilize email in an attempt to steal personal or private information. Phishing emails are crafted to look legitimate but contain malicious programming or content used to capture sensitive data, which can put you and your workplace at risk.

 
How do I identify email phishing?

Fortunately, there are simple ways to spot a phishing email. Here are some warning signs to look out for:

Phishing
  • Bad grammar or punctuation
  • Strange fonts or paragraph spacing
  • Slightly modified email addresses
  • Forms that ask for sensitive information like usernames and passwords Links to strange websites Requests for money from what appears to be a “trusted” person
  • Language that creates a sense of urgency or ultimatum (i.e., "If you do not respond immediately you will be sent to collections")


For more information on identifying phishing emails, check out our Tips for Spotting Phishing Emails aid.

ITS Email Phishing Awareness Campaign

ITS is running a phishing awareness campaign on an ongoing basis. This is accomplished by sending lure emails to campus users. Each of the emails provides a learning opportunity to help the recipient identify malicious emails in the future.

2021 Campaign

As phishing scams evolve, we want to make sure the campus community is aware of the nature of the emails that are currently circulating. Each of the examples below was sent to campus users and is based upon actual phishing emails that were received by members of our community.

Cybersecurity Teaching Moment - Zoom

This lure was an email that appeared to come from Zoom. The video explains what to look out for in emails of this type and provides tips on what you should expect to see in legitimate emails.

Cybersecurity Teaching Moment - Student Job Lure

This lure targets students and mimics an email that provides details about a job opportunity. The video shows you what to be on the lookout for in emails of this type and what to do to prevent yourself becoming a victim of one of these scams.

Cybersecurity Teaching Moment - Business Email Lure

This lure targets staff and mimics an email that contains personally identifiable information. The video shows you what to be on the lookout for in emails of this type and what to do to prevent yourself becoming a victim of one of these scams.

2020 Campaign

In 2020 6 emails were sent at random intervals to campus users. Each email appeared to come from a legitimate source:

Phishing Emails


The videos below show each of the emails that were sent to campus users and what the issues with the emails were. You can view any of the videos by clicking one of the links below:

To see a recap of our phishing campaign and how well UCR did compared to other organizations, view the recap video below:


Additional Resources

Concerned about an email?

Warning

If you’re concerned about the legitimacy of an email, we encourage you to:

  • Create a new email and send it to the official UCR address of the purported sender to verify its legitimacy (visit UCR Profiles for official contact information)
  • Pick up the phone and call the purported sender to verify its legitimacy
  • If you have considered the above steps and believe the email to be phishing, notify the ITS Information Security Office by providing the suspicious email as an attachment in your email to abuse@ucr.edu (view step-by-step instructions on the ITS Knowledge Base: KB0011368)

CyberSmart Tips
 

Mouse

Take extra care before opening emails or clicking on links that seem suspicious. If it looks odd or too good to be true, it probably is. Email phishing is a very common method hackers use to access protected systems.
 

Padlock

Be sure to use UCR’s VPN at https://campusvpn.ucr.edu when working. You can find VPN guidance in our ITS Knowledge Base (kb.ucr.edu - search ‘VPN’).
 

Progress Bar

Ensure your devices are running the latest software updates. This includes updating your mobile phones, tablets, computers, Wi-Fi routers and any other Internet-attached devices

Email

Keep ITS in the loop! If you receive a suspicious email, send it as an attachment to abuse@ucr.edu. You can find step-by-step instructions in the Knowledge Base (kb.ucr.edu - search ‘email phishing’)