Skip to Main Content

Bruin Learn access is restored. UCLA Digital and Technology Solutions and Bruin Learn administrators are continuing to monitor for delays or unexpected issues with the restoration of UCLA’s Canvas environment. If you continue to experience any issues with Bruin Learn, please reach out to BruinLearn-Support@it.ucla.edu

A Practical Guide to Protect Against Phishing

Email on a fishing hook being stolen from a mobile phone

Phishing remains one of the most common and effective pathways for cyberattacks on universities. Whether the target is a first-year student, a tenured faculty member or an administrative staff member, the consequences can include lost data, disrupted research, financial fraud and reputational harm. Below is a brief, factual and actionable guide to protect every campus community member.

Why this matters (three perspectives)

  • Students: Credentials for campus systems and learning platforms are high-value and frequently reused — exposing personal information and access to services.
  • Faculty: Research data, grant information and intellectual property are attractive targets; a single compromised account can derail projects.
  • Staff: Administrative accounts often have privileges over payroll, procurement and sensitive records — making them prime phishing payoffs.

Practical protections you can adopt today

Assume caution, verify always

  • Pause before clicking. Verify unexpected or urgent requests by contacting the sender through a known channel (not by replying to the suspicious email).
  • Inspect sender addresses carefully — look beyond display names for domain spoofing.

Use strong, unique authentication

  • Enable multi-factor authentication (MFA) on all accounts. Prefer hardware tokens or phishing-resistant methods where available.
  • Avoid password reuse; use a reputable password manager.

Treat links and attachments as potential threats

  • Hover to preview URLs before clicking. If a URL looks unfamiliar, type the institution’s site address manually.
  • Scan attachments with institutionally approved tools; be especially wary of compressed files and macros in documents.

Be aware of social engineering cues

  • Red flags: unexpected urgency, requests for credentials or payments, odd salutations and slightly altered branding or grammar.
  • Watch for conversational phishing delivered via SMS or social platforms.

Keep devices and software current

  • Apply OS and application updates promptly and use institutionally managed endpoint protection where provided.

If you suspect phishing, act quickly

  • Report immediately to your campus IT/security helpdesk using the official reporting channel.
  • Do not forward the suspicious message to others; use the institution’s report mechanism so security teams can analyze and contain threats.
  • Change credentials and review account activity if you clicked a link or provided information. Notify any affected collaborators.

A shared responsibility

Protecting our campus is everyone’s responsibility. Small, consistent actions — verification, MFA, careful handling of links and attachments and prompt reporting — dramatically reduce exposure and keep students, faculty, and staff safe.

Remember to #becybersafeUCLA!

Learn more about Cybersecurity Awareness Month at UCLA — and enter the raffle for a chance to win tickets to the UCLA vs. USC football game — by visiting Cybersecurity Awareness Month 2025.

Tags
2025