Phishing is a type of attack carried out to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data. Phishing is most often seen in the form of malicious emails pretending to be from credible sources such as UC Berkeley technology departments or organizations related to the university.
Attackers can use this information to:
- Steal money from victims (modify direct deposit information, drain bank accounts)
- Perform identity theft (run up charges on credit cards, open new accounts)
- Send spam from compromised email accounts
- Use your credentials to access other campus systems, attack other systems, steal University data, and jeopardize the mission of the campus
Phishing emails targeting campus want your CalNet credentials. Some attackers will set up fake web sites and send emails with an immediate call-to-action that demands you to "update your account information" or "login to confirm ownership of your account". If you enter your CalNet credentials into these illegitimate web sites you are actually sending your CalNet username and password directly to the attackers.