This content is viewable by Everyone

Real Phishing Threats

Please note that this is not an all inclusive list of all of the phishing threats but rather ones that are typical of current threats and/or ones that were actually received by UCSF staff, faculty and/or students (must be logged into MyAccess to view).  Be diligent with all communications.

Content

Phish Received by UCSF

Phish Typical of Current Threats

 

Phish Received by UCSF

Feb 2024: Payroll Lure Harvesting Credentials

Dec 2023: Multi Factor Authentication

Jun - Nov 2023: Supply Chain Management / Accounts Payable ACH Fraud

Aug 2017: Supply Chain Management / Vendor Relations ACH Fraud

 

Phish Typical of Current Threats

Mar 2024: Invoice-Themed Phishing Lures

Mar 2024: ScreenConnect-Themed Credential Phishing

Mar 2024: Telephone-Oriented Attack Delivery (TOAD) Attacks Use Hulu+ Bundles

Feb 2024: Job Offer Message Lures

Feb 2024: 2024 Tax-Themed Lures

Feb 2024: Deepfake Scam Imitating CFO (Feb 2024)

Jan 2024: Policy Update Phishing Lures Bypass MFA

Jan 2024: Rewards-Themed Lures Harvesting Credit Card Data

Jan 2024: Phishing Attacks Use CAPTCHA to Increase Trust

Jan 2024: NHS-Themed Lures Steal Microsoft Credentials

Dec 2023: WordPress-Themed Lures Install Malicious Plugin

Dec 2023: Bonus-Themed Lures Harvest Credentials

Dec 2023: Eventbrite-Themed Lures Distribute Malware

Dec 2023: Christmas-Themed Lures Steal User Credentials

Nov 2023: HSBC Brand Abuse Lures Distribute Malware

Nov 2023: Phishing Attacks Impersonate Philippine Agency

Nov 2023: Credential Phishing Attacks Abuse Booking[.]com Branding

Nov 2023: OSHA-Themed Phishing Lures Deliver Malware

Oct 2023: Trusted Websites Delivering Fake Browser Updates

Oct 2023: Israel-Palestine Humanitarian Crisis Donation Scam

Oct 2023: Business Email Compromise Lures Spoof US Fire Administration

Oct 2023: TOAD Attack Spoofs Best Buy’s Geek Squad Branding

Oct 2023: Extortion-Themed Phishing Lures Spread Malicious Software

Oct 2023: Dual-Purpose Phishing Attacks Use Blocked Email Lure

Sep 2023: Phishing Lure Uses Potential Employment Status Theme

Sep 2023: Credential Phishing Lure Imitates SharePoint and Financial Institution

Aug 2023: USDA-Themed Lures Use Embedded URLs, QR Codes to Harvest Email Credentials

Aug 2023: Phishing Attacks Abuse Proofpoint Branding

Aug 2023: Impersonation Attacks Target GitHub Developers

Aug 2023: Lawsuit-Themed Lures Spread Malware

Aug 2023: Geek Squad-Themed Lures Used in TOAD Attacks

Jul 2023: HR Themed Phishing Attacks

Jul 2023: Vishing Calls Warning of Fraud Steal Victim’s Information

Jul 2023: Phishing Attacks Use Fight-Themed Lure to Spread Malware

Jun 2023: Hijacked Email Threads Spread Malicious Software

June 2023: Phishing Attacks Abuse Valid Web Traffic Tool

Jun 2023: Phishing Attacks Use Compromised Microsoft Office 365 Accounts

Jun 2023: New Top-Level Domains Increase Phishing Risk

May 2023: Phishing Kit Uses Finance-Themed Lures

May 2023: Malicious QR Codes in Public Places Used in Theft

May 2023: Phishing Attacks Impersonate Secure Share Providers

May 2023: AI-Themed Phishing Lures Distribute Threats

May 2023: URL Shortening Service Widely Abused in Attacks

May 2023: Phishing Attacks Deliver Remote Access Malware

Apr 2023: Tax-Themed Lures Distribute Malware

Apr 2023: Okta-Themed Lures Harvest Microsoft Credentials

Apr 2023: Phishing Lures Abuse SAP Concur and DocuSign

Mar 2023: Attacks Spread Microsoft Teams-Themed Lures

Mar 2023: Vishing Calls Impersonate Loved Ones in Distress

Mar 2023: Twitter Scam Impersonates Bank Support Staff

Mar 2023: Attacks Use Silicon Valley Bank-Related Lures

Mar 2023: Invoice-Themed Phishing Lures Spreading Malware

Mar 2023: Malicious OneNote Attachment Lures

Mar 2023: Global Phishing Campaigns Using Tax Season Lures

Feb 2023: Phishing Attacks Use Earthquake-Themed Lures

Feb 2023: MFA (DUO) Fatigue Attacks Target High-Profile Orgs - Do not approve authentication requests for logins you did not initiate!

Feb 2023: Valentine’s Day-Themed Lures

Feb 2023: Phishing Attacks Distribute IRS Notice-Themed Lures

Feb 2023: Employee Termination-Themed Lure Spreads Malware

Jan 2023: Phishing Attacks Abuse Microsoft OneNote

Jan 2023: Malicious Google Ads Lead to Malware Installation

Jan 2023: Compensation-Themed Phishing Lures Harvest Microsoft Credentials

Jan 2023: Campaign Uses Paycheck Fax-Themed Lure

Dec 2022: Phishing Campaign Distributing Christmas Bonus-Themed Lure

Dec 2022: Scammers Tampering Physical Gift Cards at Retailers

Dec 2022: Microsoft OneDrive and QR Codes Used in Phishing Campaign

Dec 2022: Phish Alarm-Themed Lures Used in Credential Phishing Attacks

Dec 2022: HIPAA-Related Lures

Nov 2022: Recruitment Company Michael Page Impersonated in Job-Themed Lures

Nov 2022: Hundreds of U.S. News Sites Compromised to Deliver Fake Browser Updates

Nov 2022: Shopping and Shipping Themed Mobile Attacks Likely to Ramp in Coming Weeks

Nov 2022: Twitter-Themed Lures Used in Credential Phishing Attacks

Nov 2022: Amazon-Themed Lures Distributed Via Zoom