How to recognize "phishing" scams

We're highlighting some examples of real "phishing" email messages that were sent, department-wide, to Physics & Astronomy email account holders.

Each one of these messages may look like a real email from the Computing and IT Support group, but they are not. Here's how to recognize a "phishing" scheme, an attempt to get you to click on a link and give your login credentials to unauthorized people.

In the first example (below), look at the "From:" line. It claims to be from UCLA, but the address is, or appears to be, that of an account holder in Michigan -- and it's probably a hacked account too. If you hover over the "Click here" link with your mouse (don't click it, just hover), a pop-up will show you where the hackers hope to lure you. Instead of landing on our department's Computing & IT Support page, you would be directed to a decidedly non-UCLA address!

This attempt also contains ungrammatical English without proper punctuation. That's another clue that the email is not safe.

The next example below is from a non-UCLA email address, as you can see in the From: line. The email attempts to convince you that your account is out of date, and to update it by clicking on a link. But don't do it! As you can see with the mouse hovering over the "Click Here" link, the actual address isn't UCLA either, but is in fact somewhere in Spain or pretending to be. It's not a safe link.

This attempt is clever. Someone actually lifted a logo similar to the one on the UCLA Physics & Astronomy website and included a photo of UCLA so it would look more authentic. But it's not. The big red button leads to a non-UCLA domain. That's not legitimate. Stay safe and don't click on email links like this.

The last example shows an attempt to circumvent our email spam filters by including a PDF attachment. Note that the From: address is yet another non-UCLA address. It's poorly worded too, another indication that it was written by a non-English-speaking person. What's in the attachment? Another bogus link, of course, hoping to trap you into giving up your login and password.

The bottom line: be careful about official-looking emails that ask you to click on a link to do things such as upgrade your account, clear spam, activate new webmail, or some other activity involving your email.
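
The two checks described above (the real address behind the From: display name, and the real destination behind a link's visible text) can also be run by a script over a saved message. This is an added example, not part of the original page; `ORG_DOMAIN`, the function names and the sample message are assumptions constructed for illustration, and it inspects only an HTML body, not attachments.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "ucla.edu"  # assumption: the only domain treated as legitimate
SAMPLE = """\
From: "UCLA IT Support" <helpdesk@mail.example.org>
Content-Type: text/html; charset="utf-8"

<p>Your mailbox is out of date. <a href="http://webmail-update.example.net/login">Click Here</a>
or see <a href="https://www.ucla.edu/">our site</a>.</p>
"""  # constructed sample message, not one of the real phishing emails

def in_org(host):
    host = (host or "").lower().rstrip(".")  # exact or subdomain match, so "ucla.edu.example.net" fails
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

class LinkCollector(HTMLParser):  # (visible text, href): what you read vs. what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    findings = []
    if not in_org(addr.rpartition("@")[2]):  # domain part of the real address
        findings.append(f"From: displays {display!r} but the address is {addr}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    for text, href in parser.links:
        if not in_org(urlsplit(href).hostname):
            findings.append(f"link {text!r} points to {href}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A clean result only means the sender and link domains match; a message sent from a compromised account inside the organization would pass both checks.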

Before clicking any link, if you suspect that the email is asking for your private account information and you want to check it with us first, open a new helpdesk ticket and copy and paste the message. We will get back to you as soon as we can to verify whether the email is legitimate or fraudulent.

You can help keep your email account safe by following these steps. Please contact Computing & IT Support if you have further questions.