There has been an alarming escalation of sophisticated phishing attacks targeting universities, including UC Riverside. It is critical that all Highlanders stay vigilant, report suspicious activity, and arm themselves with cybersecurity best practices.
Stay Vigilant and Report Suspicious Activity
- Educate yourself. Visit the CyberSmart page for tips on identifying scams and guidance on how to report them.
- Report suspicious emails. If you receive a questionable email, do not click any links. Use the "Report Suspicious" button in your Gmail (watch the how-to video on YouTube) or forward it to abuse@ucr.edu.
- If you believe your account has been compromised:
  - Immediately change your account password.
  - Notify the ITS Information Security Office at 951-827-4848 or via support ticket.
  - Notify Student Business Services at 951-827-3204 or sbsofc@ucr.edu.
Red Flags to Keep in Mind
Unfortunately, with the prevalence of generative AI, the current wave of attacks is more advanced than simple "spam." To stay safe, please be on high alert for the following:
- Imposter Sender: Make sure the email (or phone call, text, etc.) is from a trusted, legitimate source. Fraudulent email addresses are often spelled or formatted to look like a verified address. Don’t rely on the display name alone, as this can be spoofed to look like someone you know. Be sure to view the actual email address that sent the message. When in doubt, look up the person’s contact information on profiles.ucr.edu and contact them directly to confirm the legitimacy of the email.
- Request for Login Credentials: Never enter your UCR password on a site that isn't an official UCR website. Scammers often use look-alike pages, so it is critical that you check the URL of the webpage. If it isn’t on the UCR domain (ucr.edu), pause before going any further. The safest approach is to navigate directly to rweb.ucr.edu in your browser and use the links provided within the portal.
- MFA Manipulation: Never share a Duo verification code or passcode with anyone. Scammers may text or call you claiming to be "IT Support" to trick you into giving them the code that lets them bypass your security. ITS will never ask you for your password, a verification code, or a passcode, as they are the administrators of campus accounts.
- Hidden Rules: Scammers who gain access to an email account often set up "Trash" rules so you never see the automated security alerts sent by the university. Periodically check your Gmail settings to ensure no unauthorized filters have been created.
- Account Changes: Regularly log into your student portal via R'Web to verify that your direct deposit and contact information remain correct.
There are many other red flags, which are outlined in the ITS blog article “The Simple and Proven Method for Preventing Phishing Scams.” We strongly encourage you to review them.
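The sender and URL checks described above can be written down precisely. The following is an added example, not UCR or ITS tooling: the function names are hypothetical, the sample inputs in the test data are constructed, and the HTTPS requirement is an assumption beyond what this page states.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "ucr.edu"  # the domain named on this page


def in_trusted_domain(host):
    """True only for ucr.edu itself or a genuine subdomain of it."""
    host = (host or "").rstrip(".").lower()
    # Matching on ".ucr.edu" (with the dot) rejects "notucr.edu" and
    # "ucr.edu.something.example", which merely contain the text.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def url_is_on_ucr(url):
    """Judge the host a browser would connect to, not the text of the link."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and the port
    except ValueError:
        return False  # malformed URL: fail closed
    # Assumption: a login page must also be served over HTTPS.
    return parts.scheme == "https" and in_trusted_domain(host)


def sender_is_ucr(from_header):
    """Ignore the display name; judge only the actual sending address."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    return bool(local and at) and in_trusted_domain(domain)


if __name__ == "__main__":
    # Constructed samples; the .example hosts are placeholders.
    for url in ("https://rweb.ucr.edu/",
                "https://rweb.ucr.edu.account-verify.example/login",
                "https://ucr.edu@login.example/",
                "https://notucr.edu/"):
        print(f"{url_is_on_ucr(url)!s:5}  {url}")
    for sender in ("Student Business Services <sbsofc@ucr.edu>",
                   "UCR ITS Support <it-support@ucr-edu.example>"):
        print(f"{sender_is_ucr(sender)!s:5}  {sender}")
```

Passing these checks only shows where a message or page claims to come from; a compromised ucr.edu account can still send phishing, so the other red flags continue to apply.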
Read and Understand, Then Act
As you read, understand the information you are receiving. Some helpful questions to ask yourself are:
- Is the sender’s email address legitimate?
- Is the URL address of the webpage that is asking for my personal info (i.e., NetID and password) part of the ucr.edu domain?
- Am I expecting this communication, link, or email attachment?
- Does the message make sense? Can I verify this information elsewhere? Is this truly urgent?
- UCR ITS said they would never ask me for my password, a Duo verification code, or a passcode. How can I contact ITS directly to verify this odd request?
- Is the offer too good to be true? If I think I know this person, how can I contact them directly at a known number or email address to verify?
Stay vigilant, Highlanders. By staying informed, we keep our community secure.