/
How to Protect Yourself and UC Davis From Scams

How to Protect Yourself and UC Davis From Scams

Phishing scams are on the rise, and we want to help protect you and the university.

How to Safeguard Yourself from Phishing Scams

Scammers may impersonate trusted sources, such as UCPath, Canvas, other UC systems or your bank, via email, text, or phone, asking for passwords, Duo codes, or other sensitive information.

 

  1. Verify identities before sharing personal information. Always contact the institution to confirm the request.

  2. Never provide your information in response to an email or text message you do not recognize.

  3. Do not click suspicious links, download attachments, or enter your password or Duo code on an untrusted website or form.

  4. Do not approve Duo push notifications you didn't initiate.

  5. Watch for fake login screens designed to steal your information.

  6. Check to see if the sender is from UC Davis. If so, follow-up directly with him or her to verify the email is legitimate.

  7. If the sender did not send the email, or if the sender is not from UC Davis, check UC Davis’s Phish Bowl site to see if this is a known phishing attempt or to report one. Reporting phishing attempts helps us block future ones from reaching you.

    image-20260401-194005.png


    From within Outlook, you can use the Report button to report both Phishing and Junk messages.

  8. Check the authentic message registry to see if the message is listed there.

  9. Whether you choose to report the message as a phishing attempt or not, you can always delete it.

Mail sent from outside of UC Davis is now marked as External in Outlook, as shown below. This is an extra indicator that this message should be thoroughly scrutinized before clicking any links or opening any attachments. This does NOT confirm a message is a phishing attempt, only that you should pay closer attention to it.

You should not forward potentially phishy messages to the Service Desk for verification. Verification should be done through the Phish Bowl or authentic message registry sites mentioned above.

Beware: Fraudulent Duo Push Notifications

If you receive a Duo push notification that you did not initiate, someone is attempting to fraudulently access your account.

  1. Deny the Duo prompt. 

  2. Report suspicious activity via the Duo app, if prompted. 

  3. Report the activity to cybersecurity@ucdavis.edu  

  4. Reset your UC Davis passphrase.

Beware: Fake UC Davis Login Screens 

Hackers may create fake login screens with the same look-and-feel as UC Davis websites. If you entered your information on an untrusted form or website:  

  1. Report the activity to cybersecurity@ucdavis.edu  

  2. Reset your UC Davis passphrase.

 

 Related articles