Campus News
Phishing attacks targeting UCSC employees and students
More than 300 UC Santa Cruz employee and student email accounts have been compromised through phishing attacks. ITS is taking steps to intercept and prevent these attacks.
Dear Campus Community,
In recent weeks, online attackers have successfully targeted UC Santa Cruz employees and students with email phishing attempts, compromising more than 300 user accounts so far. Information Technology Services (ITS) is taking steps to intercept and prevent these attacks. However, we anticipate that this type of campaign will continue and potentially escalate.
This email and linked resources provide information on how to stay vigilant and avoid becoming a victim of these types of attacks.
How the attack works: Attackers send emails from compromised UCSC addresses with official-sounding subject lines like “Notice concerning your UCSC” or “Important announcement regarding your UCSC.” These emails contain links that redirect to fake login pages designed to steal your credentials and capitalize on the “remember my device” functionality in Duo multi-factor authentication. Learn more about this attack: Security Alert: Dangerous phishing emails targeting UC Santa Cruz.
Why this attack is particularly dangerous
- Users see legitimate UCSC Duo prompts and unknowingly approve them
- Attackers gain full access to email, UCPath, and other sensitive systems and information
- “Remember my device” settings allow ongoing access without re-authentication
- Compromised accounts are used to launch additional attacks
How to protect yourself
- Verify sender authenticity before clicking any links
- If you weren’t actively logging in when you received a Duo push, don’t approve it
- Navigate directly to UCSC sites rather than clicking email links
- Report suspicious emails immediately
Learn more and get support
- Forward suspicious emails to phishing@ucsc.edu, which alerts both the Information Security team and the ITS Service Desk, ensuring coordinated and timely response
- If you believe you are a victim of a phishing attempt, contact the ITS Service Desk
- Refresh your cybersecurity knowledge: Cybersecurity for Employees and Cybersecurity for Students
Thank you,
Aisha Jackson
Vice Chancellor for Information Technology
Brian Hall
Associate Vice Chancellor / Chief Information Security Officer