Scam artists and criminals are always trying to steal UCSC accounts. They want access to your account for different reasons, including things like transferring money out of your bank account, sending SPAM from your e-mail account, or getting access to secure resources that they are not supposed to have access to, like the campus wireless network. It is your responsibility to practice "good hygiene" when it comes to using the Internet. Some things to keep in mind:
You can tell if you're looking at a secure UCSC web site by looking in your web browser's address bar. Secure UCSC web addresses will always start with
https:// and contain
ucsc.edu/. Some examples of secure UCSC web addresses are:
Please note that some UCSC services are provided by external vendors, such as Google. These services may use your UCSC password, which does confuse matters considerably. It is a good idea to ask an ITS employee about logging in to a UCSC service that is hosted by a vendor before you log in the first time to make sure that the vendor is legitimate.
The key elements to look for are:
https://. If you see
http://or anything else, it is most likely not a secure web site.
ucsc.edu/. There should be no additional characters between the
/character. If there are extra characters there, the site you are looking at is probably inauthentic and insecure.
ucsc.edu/parts of the address. Be especially wary of addresses that have the
@character in them, as these are especially troublesome.
Some examples of invalid web address that you should
NOT enter your password on are:
https://email@example.com/Why: This web URL contains an @ character, which is included to confuse you into thinking you are logging in to a UCSC web site when you are really logging in to a site called "securesite.com".
https://ucscsecurewebsite.com/Why: This web URL links to a non-UCSC web site, even though the letters "ucsc" appear in the domain name. UCSC only uses the ucsc.edu domain name for its secure web sites.
https://ucsc.edu.secure.something.com/Why: This web URL links to something.com and is not affiliated with UCSC, even though it contains UCSC in the URL.
https://secure.mysite.com/ucsc.edu/Why: This web URL links to the secure.mysite.com web server, which contains a folder called "ucsc.edu".
Almost all web browsers use plug-ins to provide features that are not part of the core web. Plug-ins, such as Flash and Acrobat, often have security vulnerabilities that need to be fixed periodically.
If you use Firefox, you can perform a plug-in update check to make sure that you have the most current version of your plug-ins. If you use Internet Explorer, you should visit the Microsoft Windows Updates page regularly. Users of other web browsers should check with the software vendor for information about how to check for updates.