Phishing (pronounced “fishing’) is an email scam designed to acquire sensitive information from the target (you). The most successful phishing emails are designed to look like the email comes from a reputable source.
Many such emails that look as if they come from a UC Santa Barbara source. Some of these are legitimate, some may not be.
How can I tell if an email is fraudulent?
UC Santa Barbara will never ask for any of the following information:
- Verify your account information or ask for your password
- Confirm your address
- Confirm personal information (except UCSB affiliation) such as age, social security number, or home address.
The signature of the email will always include a legitimate UC Santa Barbara department name. However, this alone should not be used to determine if an email from UCSB.
How can I tell if a website link within an email is fraudulent?
Commonly, phishers put a link in their email that looks valid but actually goes to a fake or copycat site. By hovering your mouse over the link in the email (but not actually clicking on the link).
How did phishers get my email?
As with spam, your email address may have been obtained from a compromised computer, an online directory, a publication, etc.
What do I do if I get a suspicious email?
Don't follow links to a webpage. Instead, check the company's website by typing the URL in your browser or call the company directly.
Don't fill out any emailed forms that ask for personal or financial information.
Delete the message.
Resources:
- Anti-Phishing Working Group
- Identity Theft Victims Guide, by the Privacy Rights Clearing House and CALPIRG
- MillerSmilesCo.UK, archive of spoof email and phishing scams
How can I report a fraudulent email?
UCSB continuously monitors for phishing emails and takes action whenever the message source can be reliably determined. Unfortunately, it is not possible to completely eliminate phishing scams, as the attacks are coming from so many different sources.
If you believe you have a phishing email, you can report it. Please include full email headers when forwarding phishing emails. For instructions on how to forward full headers, please visit the Report Harassing or Unwanted Email page.
Warning: IRS Phishing
Some UCSB faculty and staff are currently receiving emails claiming to be from the IRS stating that there was an error on your return and you need to fill out an online form to collect your refund. The IRS does not do business this way and will never send unsolicited emails asking for personal or financial information. If you receive one of these emails:
- Do not reply
- Do not open any attachments
- Do not click on any links
- Forward the message to security@ucsb.edu