Skip to main content
University of California San Francisco Give to UCSF

UCSF IT Technology

Main navigation

  • Status
    • Security Announcements
  • Services
  • How To
  • News & Events
  • About Us
  • Log In
Open Close Search
Open menu
Give to UCSF

Breadcrumb

  1. Home
  2. How To
  3. Protect UCSF and Myself from Phishing and Other Similar Scams

This content is viewable by Everyone

Protect UCSF and Myself from Phishing and Other Similar Scams

Save

Log in via MyAccess to save.

  • Audience: Affiliate, Faculty, Staff, Student, Technical Partner
  • Service Category: Security
  • Owner Team: IT Security
  • Service:
    IT Security Outreach and Training

Information you need to know

WHAT YOU SHOULD DO IF YOU RECEIVE A RANDOM EMAIL OR CALL THAT ASKS FOR YOUR PRIVATE INFORMATION:

  • Within UCSF email, click on the Phish Alarm    Button to report it.
  • Do not reply to or click on the link in the message.
  • If it's a phone message, hang up.

Instead, if you believe the sender or caller to be a legitimate organization, open a new internet browser session and type in the company’s correct web address yourself.

If you're concerned about your account, contact the organization mentioned in the email or call, using a telephone number you know to be genuine.

  • Be wary of telephone numbers listed in emails.

Some scammers send an email or make a call that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol (VOIP) technology, if you call back, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

  • Don’t email personal or financial information.

​Other scammers will call you directly and ask for your private information. Again, because they use VOIP technology, they can make a number look like a legitimate business by spoofing the caller ID.

  • Validate the caller or sender.

Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, such as a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

  • Review credit card and bank account statements as soon as you receive them.

Check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.

These files can contain viruses or other software that can weaken your computer’s security.

  • Be careful what information you publicize.

Attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums.

  • Use and maintain anti-virus software and a firewall. 

Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable. Make sure to keep your virus definitions up to date.

Additional important information

  • If you believe you have received a phishing message, but have NOT clicked the link or opened the attachment, report it by clicking on the Phish Alarm   button within your UCSF email.
  • If you DID click on a link and download software, turn off your computer and contact the IT Service Desk immediately.
  • If you clicked on a link and provided your credentials, change your password immediately and contact the IT Service Desk.

UCSF IT Service Desk

MAIN: 415-514-4100

APeX: 415-514-APEX

http://help.ucsf.edu/

Fast, Efficient Solutions

UCSF-wide March 2023 Mock Phishing Campaign - Phish Indicators 

Below are pictures of the latest UCSF-wide mock phish sent to everyone with a UCSF email address in March 2023.  Over 2000 of you reported the phish via Phish Alarm!  For those of you who might have missed it, the red flags are pointed out below.  However, if something is at all strange, report it via Phish Alarm.  It will analyze it and get back to you in minutes.  Over-reporting is not an issue.  It is always better to be safe than sorry!

Red Flags in phish

Related Information

  • Avoid Being Phished - Quick Tips
  • “Report Phish” button is now available
  • COVID-19 Vaccine Phishing Attempts

Related News

  • See the Latest Phishing Scams and Know What To Do!
    Esther Silver/Thursday, December 8, 2022
Section Menu
IT Security Outreach and Training
  • Information Security Is Everyone's Responsibility
  • IT Security Awareness - Stay Sharp to Stay Safe
  • IT Security and Awareness Champion Program: Overview
  • View IT Security Awareness Videos
  • Request IT Security Awareness Posters
  • IT Security Orientations and Education
  • IT Security Educational Meetings and Webinars
  • Advanced IT Security Training on the UCSF Learning Management System
Home

Footer Col 1

  • Status
  • Services
  • How To
  • News & Events

Footer Col 2

  • About
  • IT Directory
  • Standards & Guidelines

Footer Col 3

  • Get Help
  • Recognize IT Staff
  • Submit a Support Inquiry

    For emergencies and high priority issues please call the IT Service Desk (415) 514-4100

    • Facebook
    • Twitter
    • YouTube
    • Instagram

    © 2023 The Regents of the University of California