An active phishing campaign is currently targeting students at UC Irvine. Bad actors are attempting to steal financial aid refunds and disbursements by gaining unauthorized access to student accounts. 

Attackers are sending phishing emails with the following themes:

• Dropped from class notifications
• Changes to your class schedule
• Grade notifications
• Course schedule validation requests

How the Scam Works:

1. Students receive an email (often using URL shorteners and sites like Weebly.com or tilda.ws)
2. The email directs them to a fake form (Google or Office Forms)
3. The form asks for their info:
   • Name and email address
   • Password (UCI NEVER asks for passwords via email or forms)
   • Date of birth
   • Phone number
4. Students may receive an SMS text message asking them to approve a Duo prompt
5. Once approved, attackers access their email, student portal, and DEFT system to change direct deposit information

How to Stay Protected:

• NEVER provide a password through email links or online forms
• NEVER approve Duo push notifications you didn’t initiate
• VERIFY any communication about grades, classes, or financial aid by logging directly into official UCI portals
• CHECK DEFT direct deposit information regularly
• REPORT suspicious emails immediately to security@uci.edu

For information about class enrollment, course schedule, grades, and other information students should go directly to UCI’s StudentAccess and/or Canvas websites and should not click links to these resources from emails. 

If A Student Believes They’ve Been Compromised They Should:

1. Change their UCINetID password immediately
2. Check their DEFT direct deposit settings at the official UCI portal
3. Contact UCI OIT Security (security@uci.edu) and Financial Services immediately

For the most up-to-date information, visit our Student Phishing Attack webpage. For assistance, contact the Office of Information Technology (OIT) at oit@uci.edu or visit the official UCI websites directly.