Phishing is a type of attack carried out to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data. Phishing is most often seen in the form of malicious emails pretending to be from credible sources such as UC Berkeley technology departments or organizations related to the university.

Attackers can use this information to:

  • Steal money from victims (modify direct deposit information, drain bank accounts)
  • Perform identity theft (run up charges on credit cards, open new accounts)
  • Send spam from compromised email accounts
  • Use your credentials to access other campus systems, attack other systems, steal University data, and jeopardize the mission of the campus

Phishing emails targeting campus want your CalNet credentials. Some attackers will set up fake web sites and send emails with an immediate call-to-action that demands you to "update your account information" or "login to confirm ownership of your account". If you enter your CalNet credentials into these illegitimate web sites you are actually sending your CalNet username and password directly to the attackers.

You can protect yourself from phishing scams

Read our Top 5 Anti-Phishing Tips and get printable Anti-Phishing posters for awareness:

  1. Anti-Phish Tip #1: Passwords in Email = Epic Fail
  2. Anti-Phish Tip #2: If You Didn't Expect It, Reject It
  3. Anti-Phish Tip #3: Hover to Discover
  4. Anti-Phish Tip #4: Check for Trash Before the Slash
  5. Anti-Phish Tip #5: Is it a Phish?

Review the Phish Tank

We post recent examples of Phishing emails targeting Campus

Spread the word about Phishing scams!