The campus’s chief information security officer, Cheryl Washington, sent a warning Tuesday (Dec. 20) to the campus community about recent phishing attacks, one that involves a job scam and the other coming in the form of a Duo push or call, asking you to authorize entry to a campus service, when, in fact, you did not initiate a push or call.

In the job scam message, Washington said, the recipient is asked to click on a link to provide their password. “Please note, UC Davis NEVER requests that a password is provided or updated in an email,” she said. “If you receive an email requesting your password, consider it a scam and forward the email to cybersecurity@ucdavis.edu.”

In the case of the Duo scam, your password may have been hacked, and the hacker uses it to send a push or initiate a call asking you to authorize a login to a campus service. So, unless you specifically asked for a push or a call, do not authorize the login. “Your password has likely been compromised,” Washington said, “and we recommend that you change your passphrase immediately.” Here are the instructions.

If you believe your account has been compromised or that you are a victim of the recent phishing scams, please reach out to cybersecurity@ucdavis.edu. You can also contact IT Express by phone, 530-754-4357, or email, 7 a.m.-6 p.m. weekdays.

More information about reporting a phishing email is available here.