Dear UCSF Colleagues,

UCSF is witnessing a rise in sophisticated social engineering attacks powered by artificial intelligence (AI). These attacks often start as seemingly genuine inquiries into your public work or research, but then quickly pivot toward attempts to gain access to sensitive systems and information.

Unmasking AI-Driven Social Engineering in Cyber Attacks

AI has transformed the landscape of social engineering, enabling attackers to execute increasingly convincing and targeted schemes. By processing vast amounts of data at lightning speed, AI can uncover patterns, pinpoint vulnerabilities, and craft highly tailored communications that mimic authentic interactions. From emails and text messages to phone calls and social media exchanges, AI-driven tools can create persuasive, lifelike messages—and even engage in seamless conversations—that are designed to deceive. These advancements make detecting malicious intent more challenging than ever, raising the stakes for cybersecurity.

How to Protect Yourself and UCSF

To protect yourself and UCSF against these evolving threats, it is crucial to adopt a security-first mindset and follow these essential practices when handling unsolicited communications:

• Report Suspicious Emails: If you receive a questionable email, use the Phish Alarm Button within UCSF email to report it immediately.
• Pause Before You Click: Avoid replying to or clicking on links in unsolicited or suspicious messages.
• Verify Independently: If the sender claims to represent a legitimate organization, open a new browser window and manually type in the company’s official website address to confirm authenticity.
• Contact Organizations Directly: If you’re concerned about your account, use a trusted phone number or contact method to reach out directly to the organization mentioned—do not rely on contact information provided in the suspicious message.
• Beware of Listed Phone Numbers: Phone numbers included in emails or texts may be controlled by attackers. Always verify them independently.
• Understand VOIP Risks: Voice Over Internet Protocol (VOIP) technology allows attackers to disguise the origin and destination of calls or texts, making it harder to determine legitimacy.

As AI technology continues to advance, so too will the tactics of cybercriminals. Staying informed, vigilant, and proactive is your strongest defense against these increasingly sophisticated threats. By following these security practices, you can play a pivotal role in safeguarding yourself, your colleagues, and the UCSF community from AI-driven social engineering schemes. Let’s work together to maintain a secure environment in the face of these evolving challenges.

Thank you for your attention to this important matter.

Joe R. Bengfort
Senior Vice President
Associate Vice Chancellor
UCSF Enterprise CIO