Threat Alert: PHISHING ATTACKS Impersonate Banks to Steal Credentials

• A series of phishing attacks are impersonating financial institutions. 
• These attacks use convincing branding; however, the emails’ sender addresses do not match the financial institution.
• Instead, these emails come from sender address domains like “@connect[.]net” or “@PayNow[.]com.”
• Lures used in these attacks include a notification message asking if recipients recognize a particularly expensive charge and a lure asking the recipient to approve a high-value payment into their account.
• Interacting with either lure leads to a fake login page that steals recipients’ banking credentials and SMS verification codes.

Key Action: Report Suspicious Emails 

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations.
• Beware of “too good to be true” messages. An email from your bank informing you of an unexpected payment made into your account can be extremely exciting. Unfortunately, it is also almost certainly a scam.
• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs.
• Report ANY suspicious emails received in your UCSF email box using the Phish Alarm button.