This content is viewable by Everyone
Real Phishing Threats
Please note that this is not an all-inclusive list of all of the phishing threats but rather ones that are typical of current threats and/or ones that were actually received by UCSF staff, faculty, and/or learners (must be logged in to MyAccess to view). Be diligent with all communications, and please, even if you think an email might be a phish, report it via Phish Alarm and find out almost instantly in most cases. Overreporting is never an issue! The reporting information helps UCSF analyze, detect, and reduce risk.
Content on this page
Phish Typical of Current Threats
Great Free Anti-Phishing Resources to Share with Your Friends and Family
Phish Received by UCSF
Nov 2024: UCSF Imposter Uses "New Alerts" Lure
Jun 2024: Leadership Imposters Texting Messages
Feb 2024: Payroll Lure Harvesting Credentials
Dec 2023: Multi Factor Authentication
Jun - Nov 2023: Supply Chain Management / Accounts Payable ACH Fraud
Aug 2017: Supply Chain Management / Vendor Relations ACH Fraud
Phish Typical of Current Threats
Nov 2024: BLACK FRIDAY THEMED Smishing Messages Lead to Malicious Sites
Nov 2024: CREDENTIAL PHISHING Attacks Abuse KnowBe4 Brand
Nov 2024: LEGITIMATE EMAILS LEAD To Websites Offering Fake Updates
Nov 2024: LEDGER-THEMED Phishing Emails Target Crypto Wallets
Nov 2024: IRS-THEMED LURES Distribute Remote Management Tool
Oct 2014: NDA-THEMED LURES ABUSE DocuSign Brand to Steal Credentials
Oct 2024: Threat Alert: META-THEMED LURES Harvest User Credentials
Oct 2014: PHISHING LURES SPREAD Remote Management Software Through Malicious PDFs
Oct 2024: CREDENTIAL PHISHING Attacks Use Microsoft Voicemail Lure
Sep 2024: PHISHING ATTACKS Use Rent Payment Lure for BEC
Sep 2024: SPOOFED BUSINESS Lures Spread Remote Management Software
Sep 2024: JOB-OFFER THEMED Phishing Email Steals Personal Information
Sep 2024: Partnership Proposal-Themed Lure Leads to Malware
Aug 2024: Proofpoint-Themed Lures Steal User Credentials
Aug 2024: Password Expiration-Themed Lures Steal Credentials
Aug 2024: Social Security Themed Lures Distribute Remote Management Software
Jul 2024: CrowdStrike-Themed Lures Lead to Malware and Credential Theft
Jul 2024: Phishing Attacks Use Student Loan Forgiveness Lure
Jul 2024: Social Security Number Suspension Lure
Jul 2024: Phishing Emails Trick Recipients into Installing Malware
Jun 2024: UEFA EURO 2024-Themed Phishing Emails Steal Credit Card Data
Jun 2024: BEC Emails Use TOAD-Style Technique
Jun 2024: Phishing Lures Abuse Hays Recruitment Brand to Distribute Malware
Jun 2024: Compromised Accounts Distribute Malicious Email Attachments
May 2024: Phishing Attacks Abuse Carrier411 Brand
May 2024: Adobe URLs Lead to Credential Phishing Sites
May 2024: Phishing Lure Impersonating GSD Technologies Spreads Ransomware
May 2024: NDA Lures Lead to Installation of Malicious Software
Apr 2024: Meta/Facebook Impersonation
Apr 2024: Microsoft Lure - HTML Files Leading to Malware Installation
Apr 2024: Free Baby Grand Piano Scam
Mar 2024: Invoice-Themed Phishing Lures
Mar 2024: ScreenConnect-Themed Credential Phishing
Mar 2024: Telephone-Oriented Attack Delivery (TOAD) Attacks Use Hulu+ Bundles
Feb 2024: Job Offer Message Lures
Feb 2024: 2024 Tax-Themed Lures
Feb 2024: Deepfake Scam Imitating CFO (Feb 2024)
Jan 2024: Policy Update Phishing Lures Bypass MFA
Jan 2024: Rewards-Themed Lures Harvesting Credit Card Data
Jan 2024: Phishing Attacks Use CAPTCHA to Increase Trust
Jan 2024: NHS-Themed Lures Steal Microsoft Credentials
Dec 2023: WordPress-Themed Lures Install Malicious Plugin
Dec 2023: Bonus-Themed Lures Harvest Credentials
Dec 2023: Eventbrite-Themed Lures Distribute Malware
Dec 2023: Christmas-Themed Lures Steal User Credentials
Nov 2023: HSBC Brand Abuse Lures Distribute Malware
Nov 2023: Phishing Attacks Impersonate Philippine Agency
Nov 2023: Credential Phishing Attacks Abuse Booking[.]com Branding
Nov 2023: OSHA-Themed Phishing Lures Deliver Malware
Oct 2023: Trusted Websites Delivering Fake Browser Updates
Oct 2023: Israel-Palestine Humanitarian Crisis Donation Scam
Oct 2023: Business Email Compromise Lures Spoof US Fire Administration
Oct 2023: TOAD Attack Spoofs Best Buy’s Geek Squad Branding
Oct 2023: Extortion-Themed Phishing Lures Spread Malicious Software
Oct 2023: Dual-Purpose Phishing Attacks Use Blocked Email Lure
Sep 2023: Phishing Lure Uses Potential Employment Status Theme
Sep 2023: Credential Phishing Lure Imitates SharePoint and Financial Institution
Aug 2023: USDA-Themed Lures Use Embedded URLs, QR Codes to Harvest Email Credentials
Aug 2023: Phishing Attacks Abuse Proofpoint Branding
Aug 2023: Impersonation Attacks Target GitHub Developers
Aug 2023: Lawsuit-Themed Lures Spread Malware
Aug 2023: Geek Squad-Themed Lures Used in TOAD Attacks
Jul 2023: HR Themed Phishing Attacks
Jul 2023: Vishing Calls Warning of Fraud Steal Victim’s Information
Jul 2023: Phishing Attacks Use Fight-Themed Lure to Spread Malware
Jun 2023: Hijacked Email Threads Spread Malicious Software
June 2023: Phishing Attacks Abuse Valid Web Traffic Tool
Jun 2023: Phishing Attacks Use Compromised Microsoft Office 365 Accounts
Jun 2023: New Top-Level Domains Increase Phishing Risk
May 2023: Phishing Kit Uses Finance-Themed Lures
May 2023: Malicious QR Codes in Public Places Used in Theft
May 2023: Phishing Attacks Impersonate Secure Share Providers
May 2023: AI-Themed Phishing Lures Distribute Threats
May 2023: URL Shortening Service Widely Abused in Attacks
May 2023: Phishing Attacks Deliver Remote Access Malware
Apr 2023: Tax-Themed Lures Distribute Malware
Apr 2023: Okta-Themed Lures Harvest Microsoft Credentials
Apr 2023: Phishing Lures Abuse SAP Concur and DocuSign
Mar 2023: Attacks Spread Microsoft Teams-Themed Lures
Mar 2023: Vishing Calls Impersonate Loved Ones in Distress
Mar 2023: Twitter Scam Impersonates Bank Support Staff
Mar 2023: Attacks Use Silicon Valley Bank-Related Lures
Mar 2023: Invoice-Themed Phishing Lures Spreading Malware
Mar 2023: Malicious OneNote Attachment Lures
Mar 2023: Global Phishing Campaigns Using Tax Season Lures
Feb 2023: Phishing Attacks Use Earthquake-Themed Lures
Feb 2023: Valentine’s Day-Themed Lures
Feb 2023: Phishing Attacks Distribute IRS Notice-Themed Lures
Feb 2023: Employee Termination-Themed Lure Spreads Malware
Jan 2023: Phishing Attacks Abuse Microsoft OneNote
Jan 2023: Malicious Google Ads Lead to Malware Installation
Jan 2023: Compensation-Themed Phishing Lures Harvest Microsoft Credentials
Jan 2023: Campaign Uses Paycheck Fax-Themed Lure
Dec 2022: Phishing Campaign Distributing Christmas Bonus-Themed Lure
Dec 2022: Scammers Tampering Physical Gift Cards at Retailers
Dec 2022: Microsoft OneDrive and QR Codes Used in Phishing Campaign
Dec 2022: Phish Alarm-Themed Lures Used in Credential Phishing Attacks
Nov 2022: Recruitment Company Michael Page Impersonated in Job-Themed Lures
Nov 2022: Hundreds of U.S. News Sites Compromised to Deliver Fake Browser Updates
Nov 2022: Shopping and Shipping Themed Mobile Attacks Likely to Ramp in Coming Weeks
Nov 2022: Twitter-Themed Lures Used in Credential Phishing Attacks
Nov 2022: Amazon-Themed Lures Distributed Via Zoom
Great Free Anti-Phishing Resources to Share with Your Friends and Family