Campus News

Important: UCPath Direct Deposit Phishing Alert

These sophisticated scams involve using fake but convincing websites, as well as spoofed phone calls and text messages pretending to be from IT or help desks.

May 29, 2025

By Information Technology Services

Dear UC Santa Cruz Staff, 

Online attackers are continuing to successfully target University of California employees to gain access to paychecks by rerouting direct deposits. Dozens of UC faculty and staff members, including some at UC Santa Cruz, have recently fallen victim to these online attacks.

These sophisticated scams involve using fake but convincing websites, as well as spoofed phone calls and text messages pretending to be from IT or help desks, to trick you into sharing your login credentials.

What you can do:

• Know the official UCPath site. Verify and bookmark the UCPath link (ucpath.universityofcalifornia.edu) to avoid landing on fake versions through email, text, or search engines.
   
• Check your recovery email address in UCPath. Adding a personal (non-UCSC) email to your UCPath account is vital so you can be notified about account activity. Log into UCPath  > Employee Actions > Personal Information > Personal Information Summary > Change Email Address > Add.
   
• Review direct deposit settings. Verify the routing information for your direct deposit in UCPath. Log into UCPath > Employee Actions > Income and Taxes > Direct Deposit.
   
• Be skeptical of unexpected account messages. Phishing attempts often come through emails, texts, or calls that appear legitimate. If something feels off, don’t engage—report it immediately.
   
• Protect your Duo (MFA) credentials. Never share your multi-factor authentication codes or approve push notifications you didn’t initiate. ITS will never ask you for this code.
   
• Stay alert. Pause before clicking links or entering login credentials—especially on unfamiliar or unexpected pages.
   
• Enroll in free identity monitoring. All UC employees can sign up for identity monitoring through Experian at no cost.

Report suspicious activity immediately

• Report suspected phishing or unauthorized access immediately
• Contact ITS if you have any questions or concerns

The UC Office of the President, in collaboration with the UC Santa Cruz Information Security team, has taken decisive action to strengthen protections and reduce risk. Learn more about these online attacks.

Thank you for your continued attention to keeping UC data and systems safe.

Sincerely,

Aisha Jackson
Vice Chancellor for Information Technology

Brian Hall
Associate Vice Chancellor / Chief Information Security Officer

Kamala Green
Associate Vice Chancellor / Chief Human Resources Officer