Select Page

Latest Phishing Scams

**** Multiple emails have been posted to avoid confusion.  Each example has been separated by ### ****

########################################################################################
From: AppleID <noreply7657@mail.applemail.com>
Date: January 20, 2018 at 5:02:32 AM PST
To: xxxx.ucla.edu
Subject: Your AppleID has been locked due to security reason
Reply-To: noreply7657@mail.applemail.com
 
For your protection, your Apple ID is automatically disabled.
We detect unauthorized Login Attempts to your Apple ID from other IP Location. Please verify your identity today or your account will be disabled 
due to concerns we have for the safety and integrity of the Apple Community.
To continue enjoy our service, please update your account informations ( Click Here ) and we will validate your account. We will unlock your account
when we finish your account validation.
 
In addition, if you do not verify your account within 2 days, your account may be deleted.


iCloud is a service provided by Apple. Apple ID | Support | Terms and Conditions | Privacy Policy 
Copyright © 2016 Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland. All rights reserved.
########################################################################################
From: AppleID <noreply7657@mail.applemail.com>
Subject: 	Mailbox limit have exceeded.
Date: 	Thu, 18 Jan 2018 14:33:01 +0900
From: 	IT Helpdesk <m.maeda@center.konan-u.ac.jp>
To: 	quota@web.edu

Your mailbox have exceeded the Quota set by the Mail Team.
You may not be able to send or receive new email until you re-enable 
your web mail.

To validate, click: 
https://forms.office.com/Pages/ResponsePage.aspx?id=zR8vE8HBMUKOm4yDZFuJTNW8wn7ds1tHuV5qRcfsrRlUNFFDRjBSRVdYNDlDOEUxSDAwN0s1TDE2Vy4u
########################################################################################

 Subject: 	Microsoft Office Account Validation Message
 Date: 	Mon, 18 Dec 2017 23:13:42 +0100
 From: 	Microsoft Office 365 <andy1@oulook.com>
 To: 	Recipients <andy1@oulook.com>

Item downloaded / attached is a PDF for Microsoft Office 365, asking you to click on a link.

SEASnet does not use Office 365.  hovering the mouse over the link shows the following site:

//tripbolsasacessoriocelular.com.br/wp-content/plugins/gravity-forms-css-ready-selector/zl/t.htm

Please MARK this as SPAM / JUNK

Thank You.
########################################################################################
From: "Chhetri, Shweta" <shweta@seas.harvard.edu>
Subject: UCLA Police Department
Date: November 3, 2017 at 9:27:18 PM PDT
To: undisclosed-recipients: ;
 
There is a police Situation on campus, We Encourage everyone to read and follow protocol.

This message is sent Via Secured HTML Protocol Click Here <http://store.rotaryana-engineering.com/wp-content/final/> to View.
 
Thanks,
601 Westwood Plaza
Los Angeles, CA 90095

 

########################################################################################
########################################################################################

2016/12/06 URGENT NOTICE FROM CAMPUS REGARDING RANSOMWARE:

The email appears to come from office@”department”.ucla.edu where “department” is the name of the unit to which the phishing message is directed.   The subject of the email is “Scanned image from MX2310U@department.ucla.edu” with the unit name similarly substituted.

If you receive this email, do not open any attachments and immediately delete the message. Note that a sample of this email is shown below:

phishing_scam

Email sent to HSSEAS addresses with .zip attachments will not be delivered. Instead the user will receive an email saying that the message has been blocked along with instructions about what to do if you were expecting an email message with an attachment.

#############################################################

EMAIL ISSUED BY CAMPUS to Warn of Phishing Being sent:

To the Campus Community:
Be advised there is a Phishing email message being sent throughout UCLA claiming to be from Bruin Alert
and asking you to log-in to confirm your credentials. If you receive the message, please take no action and
immediately delete it.
FYI, the message has a couple of telltale signs to look for when trying to determine the validity of a questionable email:
1.
The email address of the sender is not actually the same as the name of the sender (in this case, it isn’t even a ucla.edu email address).
2.
Very poor grammar and spelling.
A copy of the message is below for your reference. Please feel free to reach out to me with any questions or concerns.
Sincerely,
Michael Story
Interim Chief Information Security Officer
Information Technology Services
——– Original message ——–
From: UCLA Bruin ALert ‹
Date: 6/18/16 5:40 PM (GMT-08:00)
To:
Subject: UCLA Bruin Alert
Dear user;
Because of the recent shooting in school, the school authority has upgraded the email portal of every students and staffs of the school.
You are advice to log-on here to confirm if your login credentials in other to allow the recent upgrade on your device.
The upgrade is been done to beef up our security network technologically.
Regards,
The UCLA Bruin Alert
###################################################################