UCPath is alerting employees of new phishing email scams that are targeting UC employees by falsely impersonating UCPath. Here’s what you need to know to protect your information.

What does the phishing email contain?

The fraudulent email includes the UC/UCPath logo and the subject line: “Update Your UCPath Account.”

The body of the email provides the following instructions: “Kindly review and update UCPath account to avoid issues. This is a mandatory update for all UC Staff and Faculty Members. Update Account.”

By selecting the link, users are directed to a fraudulent login page mimicking the UCPath login interface. If users provide account information on this page, hackers can access their personal information, including making fraudulent updates to direct deposit accounts.

If you received this email and shared your credentials, contact the UCOP Security team (infosec@ucop.edu) immediately. If unreported, this attack can leave you without a paycheck. We can only address incidents if they are reported by affected employees. (If you work at another UC location, please follow your location’s process for reporting security incidents.)

How UCPath works to protect you from phishing scams

Every time you update your personal information in UCPath, such as direct deposit details, the system automatically sends notifications to your work and personal email addresses (if you have a personal email on file). For your safety, these alerts do not contain detailed information about the updates.

Make sure to always carefully review any UCPath notifications.

• If you receive a notification about an update that you requested, you do not need to take any additional action.
• If you receive a notification of a change that you did not request, contact UCPath immediately at universityofcalifornia.edu or by calling (855) 982-7284, Monday through Friday from 8 a.m. to 5:00 p.m. (PT).

How you can protect yourself from phishing attempts

• If you receive a notification about an update that you did not make to your UCPath account, contact UCPath immediately.
• If you receive an email from UCPath and are unsure whether it is valid, contact UCPath through the official website or telephone number.
• Only log into your UCPath account through the official website; do not log in via emailed links.
• Be especially wary of unexpected/unusual urgent requests regarding your UCPath account (e.g., to verify security questions or enter a mobile passcode from your DUO app).
• Do not respond to emails requesting your personal information, such as passwords, account numbers or social security numbers. UCPath will never request this information via email.

Additional tips for thwarting phishing attempts

• Protect your credentials. No legitimate company or organization, including UCPath, will ask for your username and password or other personal information via e-mail.
• Check the sender. Check the sender’s email address. Any correspondence from UCPath will come from the address ucpath@universityofcalifornia.edu.
• Beware of attachments. Email attachments are the most common vector for malicious software. If you get a message with an attachment, delete it unless you are expecting it and are certain it is legitimate. If you’re not sure, call the sender at a number you know is legitimate to check.
• Trust your instincts. If you get a suspicious message that claims to be from an agency or service provider, use your browser to manually locate the organization online and contact them via the website, email, or telephone number that you looked up — not what was provided in the message.
• Take your time. If a message states that you must act immediately or lose access, do not comply. Phishing attempts frequently threaten a loss of service unless you do something. Cybercriminals want you to react without thinking; an urgent call to action makes you more likely to cooperate.
• Don’t click links in suspicious messages. If you don’t trust an email (or text message or post), don’t trust the links in it either. Beware of links that are hidden by URL shorteners or text like “Click Here.” They may link to a phishing site or a form designed to steal your username and password.

For more information and tips, visit the UCOP Information Security website.

About

View all post by