Urgent Warning - Phishing Email Targeting UC Employees

Printer-friendly version
January 8, 2016

To: UCSB employees

From: Sam Horowitz, Chief Information Security Officer

RE: Urgent Warning - Phishing Email Targeting UC Employees

Please read this whole message. We have identified a phishing email that looks like it comes from the UC Office of the President informing employees that their electronic W2 is ready for viewing. It provides a link to a site that phishes for your username and password.

Access to your W2 provides an attacker with your full name, address, social security number, and salary. These can all be used to steal your identity. Phishing your At Your Service username and password also allows attackers to change to your benefit elections and payroll direct deposit.

If you have elected electronic W2 statements, you will get a message later this month and it will have a link to https://atyourserviceonline.ucop.edu/ayso/.

Think before you click! Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete, or if appropriate, mark as junk email. In general, it is always safer to go to a trusted URL and navigate from there.

  • In this case, for general benefits information, go to UCnet at http://ucnet.universityofcalifornia.edu/. UCnet has a link to At Your Service Online where you can view your electronic W2 when it is available or change your delivery preference.
  • If you receive a notice from a bank or a brokerage firm, it is safer to go directly to the appropriate website without clicking on the link in the email.