Skip to main content

Identifying the typical UCLA.edu phishing e-mail

Despite the BOL alert to phishing e-mails, many users are still unable to identify phishing e-mails…

http://www.bol.ucla.edu/alert/20080307.html

Identifying things— any one of these generally is sufficient to identify that it is fake, most phishing e-mails will correlate with most of these items:
-—-
- We do not refer to “UCLA.edu” e-mail, we refer to it as Bruin Online mail (e.g. https://mail.ucla.edu displays “Welcome to Bruin Online Webmail”) to distinguish between BOL mail and departmental e-mail (such as geog.ucla.edu provided by SSC).

- You do not have an “e-mail username”, you have a UCLA Logon ID.

- BOL would never ask for your password, “e-mail password” or otherwise.

- BOL would never ask for your country or territory.

- We have a known policy for maintaining accounts and the threat below has no relation at all to Bruin Online policy (UCLA Logon IDs are permanent) http://www.bol.ucla.edu/services/accounts/info/regular.html#regexp

- There’s no such thing as a “UCLA.edu Webmail team”; Bruin Online handles all e-mail directly from the ucla.edu domain.

- There’s no such thing as a “UCLA.edu Data”.

- There is no such thing as “uclateam@ucla.edu” .

- If you check the message headers in more detail you will see that it does not come from a UCLA mail server and that actual reply-to address does not go back to a UCLA address.

Back to top