Security Update:Alert on Holiday Phishing Scams and Malware Campaigns

Status Type

Security Update

Date and Time

Wednesday, November 30, 2016 - 17:00


Security Alert


All Users


With holiday shopping in full swing and shoppers hunting for irresistibly good buys; it’s a safe assumption that crooks and scammers are baiting their traps with deals too good to be true. In addition, these nefarious actors will try to take advantage of your giving spirit.


  • E-cards from unknown senders may contain malicious links.
  • Fake advertisements or shipping notifications may deliver infected attachments.
  • Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.
  • Bogus online classified ads and auctions: Criminals post products they don’t have, or, in some cases, use stolen credit card numbers to purchase merchandise they offer in auctions. In another scam, criminals may promise free delivery and provide customers with free “paid” shipping labels that are fake and won’t be honored by shippers.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, you are encouraged to:

  • Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.
  • Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
  • Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
  • Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
  • Do not click on links inside emails, and avoid suspicious websites. Be aware that the bad guys are devious enough to create fake sites.
  • Be cautious about opening any attachment or downloading any files from emails you receive; regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
  • Follow UCSF Minimum Security Standards for all computing devices, especially personal devices used for UCSF business.

For additional tips, read: