Log in to see all content. Some content is hidden to the public.
Can't find what you're looking for? Help us improve the search functionality by reporting the expected results.
97 Results
Dec 2022: Microsoft OneDrive and QR Codes Used in Phishing Campaign
Threat Alert: What to Watch For Recent email-based attacks have used compromised Microsoft OneDrive accounts to send phishing emails. These emails encourage recipients to click a link to view a shared document. The OneDrive links lead targets to shared PDF documents containing quick response (QR) codes.
Dec 2022: Phish Alarm-Themed Lures Used in Credential Phishing Attacks
Threat Alert: What to Watch For Cybercriminals have launched phishing attacks claiming to originate from a company help desk team.
IT Finance
The IT Finance and Campus Finance teams are responsible for the stewardship of IT’s financial resources (~$300M in annual spend and ~900 FTE). We ensure both IT’s and the institution's fiscal goals are met in compliance with accounting, regulatory, and other policies.
Nov 2022: Amazon-Themed Lures Distributed Via Zoom
Threat Alert: What to Watch For Cybercriminals have launched a series of malicious email attacks impersonating an Amazon package order confirmation. The attack uses Amazon-branded emails delivered from a Zoom sending address, as threat actors are abusing Zoom’s infrastructure. The emails prompt recipients to click a link to download an invoice for order details.
Stop You've Been Phished!
But don't close this page!This phish is authorized by UCSF Information TechnologyHowever, this could have been sent by a criminal and scanning the QR code could have led to a criminal:
Dec 2022: Phishing Campaign Distributing Christmas Bonus-Themed Lure
Threat Alert: What to Watch For Cybercriminals have launched a series of phishing attacks using the promise of a paid Christmas bonus as a lure.
Jul 2023: HR Themed Phishing Attacks
Threat Alert: What to Watch For Cybercriminals have launched series of phishing attacks claiming to be from the recipient’s HR department. The lures use a variety of sender names like HR Alerts or HR Department; however, the actual sending address is not associated with a recipient’s company or HR department.
Jan 2024: Phishing Attacks Use CAPTCHA to Increase Trust
Threat Alert: Phishing Attacks Use CAPTCHA to Increase Trust Cybercriminals have launched a series of phishing attacks imitating a legitimate company.
Oct 2023: Extortion-Themed Phishing Lures Spread Malicious Software
Threat Alert: Extortion-Themed Lure Spreads Malware Cybercriminals have launched a series of phishing attacks using extortion-themed lures regarding alleged explicit photos of the recipient. The messages come from compromised Flickr accounts and contain malicious URLs labeled to appear as explicit or vulgar. The messages threaten to share the photos and claim to have additional explicit images of the reci
Nov 2022: Twitter-Themed Lures Used in Credential Phishing Attacks
Threat Alert: What to Watch For Cybercriminals have launched phishing attacks impersonating Twitter Services. The emails include links to lookalike landing pages that are designed to steal Twitter credentials and phone numbers. While the email display names make it appear the messages come from “Twitter Services,” the actual sending address is a Gmail account. The emails use the proposed change at Twitter of charging verified users a monthly fee to maintain their verification status.