CAMPUS NOTICE

 

OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER

OFFICE OF THE DIRECTOR OF
INFORMATION SECURITY, UC SAN DIEGO HEALTH

July 30, 2019


ALL ACADEMICS AND STAFF AT UC SAN DIEGO (including Health)

Subject:    Spear Phishing Email Campaigns Target Unit and Executive Leadership

In early July, UC San Diego and UC San Diego Health were targeted by a coordinated, wide-ranging “spear phishing” campaign. The scammers, masquerading as unit leads and executives, tried to get people to reveal sensitive information. We’d like to take a moment to describe this attack, and offer tips for spotting similar attacks and how to report them. If you believe that you’ve received a phishing or spear phishing email, please forward it to abuse@ucsd.edu. Messages sent to the abuse email account are automatically processed by our anti-spam system and will help improve our detection mechanisms for future phishing attempts.

One telltale sign of spear phishing is an unusual request. For example, is a colleague asking you to transfer money or other goods seemingly out of the blue? Are they insisting on a specific deadline, or otherwise creating an artificial sense of urgency? If so, you might be a target of spear phishing.

If the message or request does seem suspicious, do a little digging to ensure it’s actually coming from your colleague. For example, in the recent attack, the fraudulent messages came from Gmail accounts designed to look like @ucsd.edu accounts:

From: Bob Smith (bob.smith.ucsd.edu@gmail.com)
To: a colleague of the real Bob Smith

In a few cases, the spammers changed the “from” address to other variations of a bogus email address, such as:

From: Bob Smith (bob.smith.ucsd.edu07@gmail.com)
To: a colleague of the real Bob Smith
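For mail administrators, the pattern in the addresses above (the campus domain embedded in the local part of an outside address) can be checked mechanically. The following is an added example, not part of the original notice or of UC San Diego's tooling; the function name and sample headers are constructed for illustration, and the separator and domain checks go beyond the two addresses shown.

```python
import re
from email.utils import parseaddr

ORG_DOMAIN = "ucsd.edu"  # domain imitated in the notice's examples


def classify_sender(from_header, org_domain=ORG_DOMAIN):
    """Classify a From header: 'internal', 'lookalike', 'external' or 'unparseable'."""
    _display, addr = parseaddr(from_header)
    local, sep, domain = addr.lower().rpartition("@")
    if not sep or not local or not domain:
        return "unparseable"
    # Genuine organisational address: the exact domain or a subdomain of it.
    # Only the address text is checked; SPF/DKIM/DMARC results are a separate signal.
    if domain == org_domain or domain.endswith("." + org_domain):
        return "internal"
    # Treat '-' and '_' like '.' so variants such as "ucsd-edu" are caught too.
    normalised_local = re.sub(r"[-_]", ".", local)
    # Org domain inside the local part (the pattern in the notice) or inside
    # an outside domain name (e.g. ucsd.edu.example.com).
    if org_domain in normalised_local or org_domain in domain:
        return "lookalike"
    return "external"


# Constructed sample headers; the second and third use the addresses from the notice.
SAMPLES = [
    "Bob Smith <bob.smith@ucsd.edu>",
    "Bob Smith <bob.smith.ucsd.edu@gmail.com>",
    "Bob Smith <bob.smith.ucsd.edu07@gmail.com>",
    "Bob Smith <bob.smith_ucsd-edu@gmail.com>",
    "Bob Smith <bob.smith@ucsd.edu.example.com>",
    "Vendor Sales <sales@example.com>",
]


def flag_lookalikes(headers):
    """Return only the headers that imitate the organisational domain."""
    return [h for h in headers if classify_sender(h) == "lookalike"]


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):12} {header}")
```
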

In this case, the recipients were all professional colleagues of the individuals whose names were used as the bogus senders of the messages. This suggests the individuals or organization sending the notes had researched their targets and crafted the messages specifically for them. This is the essence of spear phishing. The tactic is often a tool of state-sponsored hackers who are trying to gain a toehold in organizations with proprietary assets, including the world-class research and health care assets at UC San Diego.

Phishing attacks – and spear phishing attacks like the one that occurred earlier this month – are likely to become more and more sophisticated as time goes by. IT Services and Health Information Services have implemented tools to identify and remove fake emails that get delivered to @UCSD.edu accounts. But you can help too:

The Office of Information Assurance maintains extensive information on phishing on our website: https://blink.ucsd.edu/technology/security/user-guides/phishing.html

Specific questions about our handling of spam and phishing that are not addressed above can be sent to the campus Service Desk at servicedesk@ucsd.edu or Health Information Services at 3HELP@ucsd.edu. Security incidents (such as falling for a phish) can be reported to security@ucsd.edu or 3HELP@ucsd.edu. Finally, we invite you to tell us what you think of Cybersecurity at https://sixwords.ucsd.edu.



Michael Corn
Chief Information Security Officer

Ken Wottge
Director, Information Security
UC San Diego Health