Check for Trash Before the Slash
Verify "https://auth.berkeley.edu/" Before Entering CalNet Credentials
THE TRAP: You are asked to enter your CalNet passphrase on what looks like the standard blue CalNet Authentication page.
YOUR DEFENSE: Always check the actual URL to make sure it starts with "https://auth.berkeley.edu/". Trusted UCB authentication pages will never have anything phishy BEFORE the first single slash. Fraudulent login screens designed to steal your credentials may LOOK authentic if you're not paying attention to the URL.
Good Example: https://auth.berkeley.edu/cas/login?service
Bad Example: https://auth.berrkeley.webs.com/cas/login?service
Also, check for the Extended Validation Certificate in the address bar. Look for a long green bar with a padlock followed by our institution’s name: University of California, Berkeley (Regents of the Univ. of CA)[US]
Remember: Only You can Protect your CalNet Passphrase!
Not sure it's a phish? Report it.
Using the bMail web interface:
- Open the message
- To the right of 'Reply' arrow, select 'More' (typically denoted with three vertical dots)
- Then 'Report phishing'
If you are unable to log into bMail, forward the message to firstname.lastname@example.org(link sends e-mail)