Fight the Phish

Fight the Phish Sticker

'Fight the Phish' is a phishing awareness campaign designed by the Information Security Office to keep our community safe. 

We've created materials to help you identify, report, and avoid these types of attacks.

Visit our Fight the Phish Materials for more information, including the items highlighted below.

How to Fight the Phish

You are the first line of defense for protecting yourself and the campus community, here are simple tips to make sure you stay alert:

Keep Your Guard Up:

  • Protect your credentials. If a person is asking you for sensitive information don't be afraid to ask why; no reputable company will ask for sensitive information via email, text message, or phone.
  • Beware of attachments and links. E-mail attachments and links are commonly used to send malicious software. When you get a message with an attachment, or link, verify that it is legitimate - before clicking.

Float Like a Butterfly:

  • Check the sender. Check the sender's e-mail address before replying or clicking on links. Since emails can be spoofed, float your cursor over addresses before replying to make sure they are legit. Any correspondence from an organization should come from an organizational e-mail address. 

This Time, It's Personal:

  • Limit your public information. Attackers use personal, public information about you to lure you into responding. The less you share about yourself, the smaller the target you are for a social engineering attack. Cybercriminals use information you post online to learn how to gain your trust. 

Know Your Opponent:

  • Don't be pressured. Emails that create urgency and fear are usually fake. Take your time, look at the whole email and be skeptical: double check the “from” address to see if it’s legitimate.
  • Stop and review. Look at the email before replying. Is it unexpected? Does the request make sense? When in doubt, reach out to the sender, separately, by phone or directly emailing them (not replying to the email).

Get in the Ring:

  • Report it! Using the bMail web interface:
    • Open the message
    • To the right of 'Reply' arrow, select 'More' (typically denoted with three vertical dots)
    • Then 'Report phishing'

If you are unable to log into bMail forward the message to phishing@berkeley.edu

Want to learn more?

Read our Fight the Phish anti-phishing tips and get printable materials to help spread awareness.