OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER

OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER,
UC SAN DIEGO HEALTH

May 21, 2025

Alternate text

ALL ACADEMICS AND STAFF AT UC SAN DIEGO, INCLUDING UC SAN DIEGO HEALTH

Urgent: Protect Yourself from UCPath Phishing Scams

The Office of Information Assurance would like to alert you to an ongoing phishing scam targeting UCPath users across all University of California locations, including UC San Diego. The scam involves malicious domains and websites that mimic the legitimate UCPath website, aiming to steal your username, password, DUO MFA code, and UCPath security questions.

These attackers use the stolen information to log into UCPath, change your Direct Deposit information to a different bank account, and divert your pay to their bank account. You may be affected if you receive an email from UCPath titled "Direct Deposit Updated" without initiating the change.

To protect yourself:

  1. Notify IT Security immediately if: You have received an email from UCPath titled “Direct Deposit Updated” without having initiated it, or a DUO notification without having initiated a DUO prompt. Campus users contact security@ucsd.edu. Health users contact hs-infosecurity@health.ucsd.edu.
  2. Verify your Direct Deposit information: Immediately check your UCPath account to ensure your Direct Deposit information is accurate. If it has been changed without your authorization, contact UCPath right away to correct it.
  3. Only access UCPath through the official website: Always visit UCPath via ucpath.ucsd.edu and avoid searching for "UCPath" on search engines, which may lead to malicious domains.
  4. Be cautious of phishing emails and websites: Be aware of emails or websites that ask for your UCPath login credentials, DUO MFA code, or security questions. Legitimate UCPath communications will not request this information via email or unsecured websites.
  5. Update your security questions and reset your UC San Diego AD credentials: If you suspect you have been affected, change your UCPath security questions and reset your UC San Diego AD credentials at password.ucsd.edu to prevent further unauthorized access.

If you have any questions or concerns, please contact security@ucsd.edu (campus) or hs-infosecurity@health.ucsd.edu (Health). For additional information on phishing scams and how to protect yourself, visit the How To Identify Phishing Scams page on Blink.

Thank you for your attention to this matter, and please remain vigilant in protecting your personal and university accounts.

Kevin Chou
Acting Chief Information Security Officer, UC San Diego

Scott Currie
Chief Information Security Officer, UC San Diego Health

University of California San Diego, 9500 Gilman Drive, La Jolla, CA, 92093