Phishing and Social Engineering

Impersonation email campain: Send me your available cell number

Recently UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These email campaigns rely on social engineering tactics and generally involve the creation of a Gmail account with a very similar email address to a senior UCLA executive in a deception attempt to coerce the recipient into a response.

IRS Warning of Impersonation Attacks Targeting Universities

The Internal Revenue Service (IRS) has issued warning of an ongoing IRS-impersonation scam targeting educational institutes, primarily students/staff who have a “.edu” email address. The phishing email appears to target individuals affiliated with education in all formats including public and private, profit and non-profit institutions.

Spear-phishing using fraudulent requests for interviews related to COVID research

As we focus on research around COVID-19, cybercriminals are focused on targeting researchers. The newest attack involves a fraudulent request for an interview with a well-known New Yorker columnist, Atul Gawande. From early reports, after initial contact, it seems the cybercriminals start a back and forth communication with anyone who responds. The attacker may even set up a phone conversation but ultimately, they send a malicious Microsoft Teams-like link.

Scammers Exploit California’s COVID-19 Contact Tracing Program

Officials are warning that scammers are exploiting California’s Coronavirus Contact Tracing program - The program that health workers use to call everyone who came in close contact with a COVID-19 patient.

Users are urged to look out for and recognize the usual techniques used by the scammers, which one way or another try to solicit personal information, asking for money, immigration status, social security numbers, or getting users to respond to a message by clicking on a hyperlink. Scammers could also be using fake caller ID’s making them look like legitimate callers.

Phishing Emails Regarding Employment Termination Results from COVID-19 Downsizing

In response to the recent increase in teleworking during the COVID-19 pandemic, cyber criminals are targeting teleworking employees with fraudulent termination phishing emails and VTC meeting invites, citing COVID-19 as the reason. Employees who are alarmed by the message may not scrutinize the spoofed email address that looks similar to their company’s legitimate one. The emails entice victims to click on malicious links purporting to provide more information or online conferences pertaining to the victim’s termination or severance packages.

EVC/Provost Opportunity Phish

Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. I am ■■■■■■ ■■■■■■ a Senior Policy Advisor at the Guild for Exceptional Children (GEC). (GEC) is committed to ensuring that all people with disabilities have the right to equal opportunity, to be economically self-sufficient and to earn and save without jeopardizing access to the services and supports that allow them to live and work independently. You have received this email because you have an offer from the University Office for Students with Disabilities to work with me while we help Students with disabilities frustrated with ignorance and lack of services but as my temporary personal assistant.

The FIN7 Cyber Actors Targeting US Businesses through USB Keystroke Injection Attacks

Since 2015, financially motivated cybercriminal groups have actively targeted businesses in the retail, restaurant, hotel, and gaming industries at an increasing rate. Recently, the cybercriminal group FIN7,1 known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS). The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles.

Settings Changed Phish

Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlink. From: Microsoft Web-Team [mailto:Outlook@@ @ trx.outlok.com] Sent: Friday, January 26, 2018 4:16 AM To: Subject: settings changed Importance: High Outlook Office365 Email   We detected a recent sign-in Windows device. You are getting this email to make sure it was you. To help keep you safe, we require an extra security challenge   Click Here   This action will take a brief period before this request takes effect This is a mandatory communication about the service. To set communication preferences for other cases. © 2018 Outlook-Corporation All Rights Reserved Terms of use Privacy & Cookies

Evite Data Breach -- 33,000 UCLA Emails Impacted

On July 14, 2019, the data breach monitoring service haveibeenpwned.com posted a database dump of approximately 101 million users who had their information exposed as part of the Evite data breach.

This breach was officially reported in June of 2019 and thought to have occurred back on February 22, 2019. Additional information regarding this incident can be found by visiting Evite’s security notice webpage at https://www.evite.com/security/update.