Watch Out for Phishing Emails and Tax Scams!
Back to Top
First Posted: 01/19/2018
Every tax season, there is an increase in schemes that target innocent taxpayers by email, by phone and the internet. We’d like to remind all UCLA employees to be on the lookout for these deceptive schemes and take the necessary precautions to protect themselves and the University.
Please be mindful of the following:
- You should never include a Social Security Number in an email, either in the body of the email or in an attachment as most email services are not secure.
- Be wary of any message asking for W-2 or other tax information.
- If you receive a phishing email, the UCLA Information Security Office requests that you report the message to their team so that they can proactively alert campus users and bring awareness to widespread phishing campaigns (https://www.it.ucla.edu/security/alerts/phishing-scams). To report phishing scams, follow these steps:
- Provide a full copy of the email by “saving” the email within your email client.
- For Microsoft Outlook users, this can be accomplished by hitting File > Save As after opening the email.
- Compose a new email with the previously-saved phishing message added as an attachment.
- Compose a new email with the previously-saved phishing message added as an attachment.
- Send the resulting message and attachment to security@ucla.edu with a subject line identifying the message as a phishing report.
- Provide a full copy of the email by “saving” the email within your email client.
- Phishing e-mails often contain Campus logos, links to company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Do not hesitate to contact the sender directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
- Check the sender’s e-mail address to make sure it’s legitimate. If it appears that your institution’s help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” it’s a phishing message. If you don’t recognize it, be suspicious.
- Verify requests for private information (yours or other people’s).
- Protect your passwords:
- Never reveal your password to anyone.
- Use different passwords for different accounts.
- Use different passwords for work and non-work.
- Click “no” when websites or apps ask to remember your password. For examples of the latest scams and phishing attempts please visit the following links:
Please be vigilant this tax year and exercise extreme precaution when received emails or phone calls requesting either your personal information or the personal information of others. For more tips on phishing please visit the UCLA Information Services website: https://www.it.ucla.edu/security/alerts/phishing-scams/what-is-phishing.
For examples of the latest scams and phishing attempts please visit the following links:
UCLA Information Services: https://www.it.ucla.edu/security/alerts/phishing-scams
Current Phishing Scams
UCLA Information Services: https://security.ucop.edu/resources/security-awareness/w2-scams.html
Current W2 Scams
IRS Tax Scams/Consumer Alerts: https://www.irs.gov/uac/tax-scams-consumer-alerts