Latest 'UC Davis' phishing hoax plays off earlier scams

Another week, another email phishing fraud aimed at UC Davis email users.

On Monday, the latest bogus email attempt to steal personal information from the unwary showed up in campus email inboxes. This hoax, the latest of at least six since early April, turns the impersonation level up a notch by acknowledging the earlier scams, implying this one is legitimate.

It isn't. It's fake. Delete it.

Read about earlier scams here. Read about how to spot email frauds here. And be assured that the campus will never ask anyone to send their password in an email. Email is not secure enough.

The campus has blocked the return email address associated with the latest phishing swindle, the same way it has with the earlier ones. But the campus action blocks only messages sent through campus email servers. That means messages sent through an off-campus server, such as one used by a home Internet Service Provider, can still get through.

(Also, the phony message's "from" address is legitimate, used by the School of Engineering for computer support. It is the scam's "return" address--used if you hit the email "reply" button--that belongs to the phishers. That's the address the campus has blocked.)

Contact IT Express, the campus computing services help desk, at (530) 754-HELP (4357) if you have any questions.

Here's the text of today's phishing message, complete with characteristically clunky language, odd use of capital letters, and confusion of "cost" with "caused":

"Dear UCDAVIS Users.

"The reason for this message is because of the Email Scams & Phishing going on the UCDAVIS Network. We have decided to contact all our clients and staff to provide their password so that we can confirm the active users and to de-activate the inactive user. We regret the inconveniences this might have cost you."