Defend Yourself From Cyber Attacks and Be a #UCRCyberHero!
Cybersecurity Awareness Month 2025
Report Suspicious Emails the UCR Way
Cyber attacks such as phishing and job scams are serious threats to UCR. By using the “Report Suspicious” tool, you can protect yourself and the entire UCR community. Each report triggers an immediate investigation by UCR's Information Security Office. If a threat is found, they remove it from UCR's systems while ensuring that all sensitive personal data are handled securely. The table below summarizes the difference between UCR and Gmail's reporting tools.
How to Report Suspicious Emails
Watch this short video to learn how to report potential phishing emails using the "Report Suspicious" tool!
Guide to UCR's Phishing Reporting Tool
Click any button below to download a PDF version of the guidance on how to use the "Report Suspicious" tool.
Phishing Emails
With electronic mail being a mainstay in personal and professional communication, malicious actors often utilize email in their attempts to steal private information. Phishing emails are crafted to look legitimate but contain malicious programming or content used to capture sensitive data, which can put you and the campus at risk.
How to Identify Phishing Emails
There are key ways to spot a phishing email. Here are some warning signs to look out for:
- Slightly modified sender email address
- Bad grammar, spelling, or punctuation
- Messages that don't make sense
- Language that creates a sense of urgency or ultimatum (i.e., "If you do not take action immediately, your account will be suspended.")
- Request for login information like usernames and passwords
- Request for money from what appears to be a “trusted” person
- Unfamiliar URLs (links) or QR codes
For more information on identifying phishing emails, check out ITS' simple and proven method for preventing phishing scams.
Protect Yourself from Job Scams
Don’t take the bait! Learn how to spot job scams and how to stay safe online while searching for your next work opportunity.
Job scams are a type of email scam wherein the attacker impersonates someone from UCR or other legitimate companies and tricks their targeted victims into sending money or providing sensitive information. Using social engineering tactics, the attacker may ask students to send resumés, bank account numbers, social security numbers, addresses, birthdays, research data, gift card codes, etc.
Here are the red flags to watch out for:
- Being asked to open an email attachment in order to view the job offer
- No company name provided
- Promise of high payment for a minimal amount of work
- Awkward sentence phrasing and spelling or grammar errors
- Offers to send money
- Requests for money or gift card codes
- Requests to communicate through non-UCR channels (text message, non-UCR email, other applications, etc.)
- A job offer you did not apply for
If you encounter a suspicious job-related email, report it immediately using PhishAlarm.
In one job scam attack against UCR students, attackers impersonated UCR faculty and administrators and contacted students using Gmail accounts. The email was made to look like a job offer to solicit personally identifiable information. Once the student’s personal information was obtained, attackers contacted them through their personal (non-UCR) email address or phone number and persuaded them to make a payment or provide sensitive information, such as their social security number or bank account number. Don’t fall for this job scam!
All campus job openings are posted on UCR Handshake. This is the safest and most reliable way to find legitimate opportunities. Visit the UCR Handshake portal to avoid job scams!
Student Job Scam Email Lure
Watch this short video to learn how to spot job scam emails and what you can do to avoid becoming a victim.
Cybersecurity Awareness Month Event Calendar
Don’t miss these cybersecurity events happening throughout October and November!
View the complete list of University of California CAM events on the UC CAM 2025 website.
Cybersecurity Awareness Month Pop-up Booth
Dates: Every Wednesday and Thursday from October 29 to November 20, 2025
Time: 11:00 am - 1:00 pm (PDT)
Venue: UCR Bell Tower Lawn
Students, faculty, and staff are all welcome to stop by the ITS pop-up booth! Sign up for our cybersecurity newsletter mailing list to play the fishing game and win a prize. You’ll also have the opportunity to chat with our cybersecurity experts and learn valuable and practical tips on how to keep your data and devices safe from cyber attacks. See you there!
Humans, Hackers, and Hallucinations: AI, Social Engineering, and the Future of Cybersecurity (Webinar)
Date: October 28, 2025 (Tuesday)
Time: 11:00 am - 12:00 pm (PDT)
This event is free and is open to the UC community. Register to attend the webinar.
Artificial intelligence has quickly shifted from a promising tool to a disruptive toddler running with scissors. While AI enables defenders to detect threats faster and automate response, it also gives attackers new ways to deceive, manipulate, and exploit. From deepfake audio convincing an employee to transfer millions, to AI-written phishing campaigns that bypass filters, the game has changed.
This session will explore the intersection of AI and social engineering, revealing how threat actors leverage machine learning to craft convincing attacks and where defenders can push back. We’ll also examine the emerging cybersecurity trends to watch in the coming year, from the rise of synthetic identities to AI-driven security operations. Most importantly, we’ll ground the discussion in practical advice: how individuals and organizations can stay vigilant, adapt defenses, and avoid becoming the next case study.
By the end of the talk, participants will walk away with a deeper understanding of the risks and opportunities AI presents, as well as actionable strategies to build resilience in an age where the line between human and machine manipulation is increasingly blurred.
Let's Talk About Privacy. Let's Talk About You and Me. (Webinar)
Date: October 28, 2025 (Tuesday)
Time: 12:00 pm - 1:00 pm (PDT)
This event is free and is open to the UC community. Register to attend the webinar.
Get ready to protect your personal information with UCSB's Privacy Officer Becky Steiger! This presentation isn't just about boring data rules; it's about your human right to be left alone, why protecting your privacy is important, and tips on how to manage your digital life. You will learn about key privacy laws and policies like FERPA, the California Information Practices Act, the UC Electronic Communications Policy (ECP), and the UC Privacy and Information Security Initiative (PISI Report). Learn how to protect your digital privacy and keep your personal business to yourself.
Authentic or Artificial? (Webinar)
Date: October 30, 2025 (Thursday)
Time: 2:00 pm - 3:00 pm (PDT)
This event is free and is open to the UC community. Register to attend the webinar.
How well can you tell the difference between AI-generated content and the real deal? Put your analytical skills to the test during a live demo presented by UCI’s cyber club, Cyber@UCI, who secured 1st place in the 2025 National Collegiate Cyber Defense Competition!
The Cybersecurity Industry is Hiring!
With 3.5 million unfilled cybersecurity positions to remain through 2025, the IT industry is looking for skilled individuals trained in cybersecurity to fill crucial roles in various organizations.
Go beyond being a #UCRCyberHero and join the league of cybersecurity professionals! The first step is to acquire the right training.
- Take the ISC2 Certified in Cybersecurity Entry-Level Certification
- Apply for the SANS Diversity Cyber Academy cybersecurity training scholarship for minorities and women
To set yourself up for success, hone your skills in identifying and resolving modern cyber threats, including phishing, social engineering, Business Email Compromise (BEC), and financial fraud, as well as learn how to protect and defend apps, data, devices, infrastructure, and users.
Check out the U.S. Bureau of Labor Statistics’ Occupational Outlook Handbook to learn how to become an Information Security Analyst, along with other important career positions in cybersecurity.
Cybersecurity Training Resources
Enhance your cybersecurity know-how with our training videos, available in the ITS Training Toolkit.
Use the Cybersecurity Awareness Month Zoom Background
Show your #UCRCyberHero pride! Download the official Cybersecurity Awareness Month Zoom background and start using it to promote cybersecurity at UCR!
SECURITY TIPS
Do your part - be cybersmart!
Follow the tips below to help ensure your personal and financial data stays safe while working and learning at UCR.
Each month, ITS sends out a phishing simulation email. The goal of these emails is to make campus aware of the types of phishing scams that are circulating and to provide tips on how to avoid these scams. This video provides a recap of the phishing simulation emails sent from May 2022 to July 2023 and illustrates how well UCR did in comparison to other organizations.
To see examples of the types of emails you may receive and what to look out for, visit the cybersecurity section of our training page.
If you receive a phishing email, please report it to ITS. To find out how, watch the PhishAlarm video.
Want to make sure your data is safe, but don't know where to begin? This video provides information on simple steps you can take towards making sure your data is as secure as possible.
Be sure to use UCR’s VPN at https://campusvpn.ucr.edu when working. You can find VPN guidance on the ITS Knowledge Base.
Ensure your devices are running on the latest software updates. This includes updating your mobile phones, tablets, computers, Wi-Fi routers, and any other devices connected to the Internet.
Four key ways to keep the cybercriminals at bay:
HOW TO SPOT PHISHING
Should you trust that email or text message?
With electronic messaging being a mainstay of personal and professional communication, malicious actors often utilize email and text messages when they attempt to steal personal or private information. Phishing messages are crafted to look legitimate but contain malicious programming or content used to capture sensitive data, which can put you and the University at risk.
Fortunately, there are simple ways to spot a phishing email. Here are some warning signs to look out for:
- Bad grammar or punctuation
- Strange fonts or paragraph spacing
- Slightly modified email addresses
- Forms that ask for sensitive information like usernames and passwords
- Links to strange websites
- Requests for money from what appears to be a “trusted” person
- Language that creates a sense of urgency or ultimatum