UC campuses have observed a significant rise in phishing attempts designed to trick victims into revealing their UCSB account login credentials. These emails often appear to be legitimate requests to "confirm your UCSB account" or "change your password."
Attackers are now using a sophisticated “Adversary-in-the-Middle” phishing technique. These attacks use a fraudulent website designed to perfectly mirror the legitimate UCSB Single Sign-On page, complete with the Duo Verified Push prompt, making it feel as though you’re logging in securely. In reality, your credentials are being stolen.
The phishing site, hosted on a fake domain, proxies your connection to the real UCSB SSO in real time. This allows the attacker to capture your login session and use it to access your email or any other UCSB systems protected by SSO.
What you can do to protect yourself:
1. Question any email that:
- Asks you to click a link to verify your account or update your password, even if it appears to be from a trusted source. IT support staff will never ask you to update your password or verify your account via email.
- Threatens account suspension or deletion if immediate action is not taken.
- Contains urgent language or unusual grammar/spelling errors.
- Has a sender address with a minor error (e.g., "identity@ucsb.edu.com" instead of "identity@ucsb.edu").
2. Always check the website URL:
- In your browser’s address bar, check the URL of the site where you are entering your UCSB password. It should begin with https://sso.ucsb.edu. If it does not, the site is not legitimate, and you should stop immediately.
3. Use native Gmail apps:
- The official Gmail application provides the most secure way to access your account, with built-in protections against sophisticated threats.
- For mobile devices, use the Gmail app from the App Store or Google Play Store, and for computers, use a web browser to navigate to https://www.gmail.com.
- Third-party email clients, such as Apple Mail, Thunderbird, and Outlook, do not provide visual cues or warnings about phishing and spoofing indicators, including external senders or suspicious links.
4. Always use Direct Navigation:
- If you need to change your password, go directly to the UCSB identity site by typing the official URL, https://identity.ucsb.edu, into your browser. Never use a password change link provided in an email.
- If you’re unsure whether an email is legitimate, verify it by contacting the sender through a known, trusted method, such as a phone number you recognize or an email address listed on UCSB’s official website. Do not reply to the email itself.
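The address-bar check and the sender-address check described above, written as code. This is an added example, not part of the original advisory: the function names and sample inputs are constructed, and rejecting subdomains of ucsb.edu is an assumption. It shows why the host has to match exactly, since a lookalike such as sso.ucsb.edu.com also "begins with" the expected text.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Host and mail domain as given in the advisory above.
TRUSTED_LOGIN_HOST = "sso.ucsb.edu"
TRUSTED_MAIL_DOMAIN = "ucsb.edu"


def naive_prefix_check(url: str) -> bool:
    """The 'begins with' test read literally; shown only for contrast."""
    return url.lower().startswith("https://" + TRUSTED_LOGIN_HOST)


def is_trusted_login_url(url: str) -> bool:
    """True only for HTTPS URLs whose host is exactly sso.ucsb.edu."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; excludes userinfo and port
        port = parts.port      # raises ValueError if malformed
    except ValueError:
        return False
    if parts.scheme != "https" or not host or port not in (None, 443):
        return False
    if host.endswith("."):     # tolerate a fully qualified trailing dot
        host = host[:-1]
    return host == TRUSTED_LOGIN_HOST


def sender_domain_is_trusted(from_header: str) -> bool:
    """True only if the From address domain is exactly ucsb.edu.

    Assumption: subdomains are rejected. A match is necessary, not
    sufficient, because the From header is chosen by the sender.
    """
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return bool(local and sep) and domain.lower() == TRUSTED_MAIL_DOMAIN


if __name__ == "__main__":
    # Constructed samples; the lookalikes reuse the ".edu.com" pattern above.
    for url in ("https://sso.ucsb.edu/", "https://sso.ucsb.edu.com/",
                "http://sso.ucsb.edu/"):
        print(url, naive_prefix_check(url), is_trusted_login_url(url))
    for sender in ("identity@ucsb.edu", "identity@ucsb.edu.com"):
        print(sender, sender_domain_is_trusted(sender))
```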
If you receive a suspicious email:
- Do not click any links or open any attachments.
- Do not reply or share any personal or account information.
- Report it immediately by forwarding the message to security@ucsb.edu.
- After reporting, delete the email from your Inbox (and your Trash folder).
Your security is our top priority, and we encourage you to take these steps seriously. By working together, we can mitigate the potential risks associated with these fraudulent activities.