Phishing Examples Archive

What makes this a phishing message?

This is a classic 'sextortion' hoax from a random GMail email address.

This phony potential Covid contact alert was received by many users sent to their Campus bMail accounts.

What makes this a phishing message?

This targeted phishing scam is using a fake UC Berkeley email address

What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley faculty member or campus lab manager.

What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear to cause the recipients to act, scanning the QR code which leads to a malicious link.

Attention recipient , We have received your request to terminate your email account below, and the request will be concluded within 12hours from now.

Welcome Subscriber; Your Annual membership for NORTON 360 TOTAL PROTECTION has been renewed and updated successfully. The amount charged will be reflected within the next 24 to 48 hrs on your profile of account. Product Information: INVOICE NO. @ GGH1644259106OV ITEM NAME @ NORTON 360 TOTAL PROTECTION START DATE @ 2022 Feb 07 END DATE @ 1 year from START DATE GRAND TOTAL @ $240.42 USD PAYMENT METHOD @ Debit from account If you wish to not to continue subscription and claim a REFUND then please feel free to call our Billing Department as soon as possible. You can Reach us on : +1 – ( 803 ) – ( 598 ) – 4473 Regards, Billing Department SP

Using several different emails to send from and various subject lines, this attacker used the name of an actual Berkeley professor to send out a call for remote assistant work.

Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company Cisco Systems Inc® is currently running a student empowerment program. This program is to help devoted and hardworking students secure a part time job which does not deter them from doing any other, you just need a few hours to do this weekly and with an attractive weekly wages. KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.

Hi Student, I am Dr Ralph Abraham, I feel comfortable discussing this WORK- STUDY opening with you since you were referred by the university chamber of commerce. I am very busy, that is why I have asked for your help as my temporary personal assistant. I provide individual and group therapy, coaching, assessment and many University students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment process.

Berkeley University of California is seeking an Research Assistant / services of a competent Undergraduate Student Administrative Assistant to work Part-time and get paid $350 weekly. Tasks will be carried out remotely. If interested, Do text your name to (808) 378-1179 so as to proceed Bernhard Boser Professor, (808) 378-1179. 490A Cory Hall

This is to inform you that your laboratory result is ready. You can access your results via the following link: https://results.pmhlaboratoXXXXXXXXX.html(link is external) You must provide your NAME and DATE OF BIRTH in addition to the following code in order to see the report: POP UP BLOCKERS MUST BE DISABLED TO DOWNLOAD PDF REPORTS Patient Initials: A.B. Access code: 8625150102

matbrown19732@gmail.com has shared the following document: DC.docx [image: Unknown profile photo]Jim Knowlton shared a file with you Open matbrown19732@gmail.com is outside your organization. Google Drive: Have all your files within reach from any device. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [image: Logo for Google Drive]

Updated May 11, 2021:

UCOP Notice to UC Community: https://ucnet.universityofcalifornia.edu/data-security/index.html

Security Notice! Dear XXXX, Our security system has detected some irregular activity connected to your account. you will be unable to send and recieve emails until this issue has been resolved CLICK HERE TO VALIDATE NOW To prevent further irregular activity we will restrict access to your account within 72 hours if you did not validate your account. *Note:* Mail Administrator will always keep you posted of security updates. Mail Admin

Google Forms Jim Knowlton invited you to fill out a form: 2020 FACULTY EVALUATION Designed for Microsoft and Office 365 users only FILL OUT FORM hxxps://docs.google.com/forms/d/e/1FAIpQLSfUCvno3DdViZI24_kfsFi7EPalW7aAMJIAZvsGCzvvrQX_Ew/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link Create your own Google Form

, I will come to Uc Regents; soon and send your request about 2 weeks of vacation and payments to you. Very sorry. Open this recourse to preview the document (if the link doesn't work, copy it and paste to browser): hxxps://docs.google.com/document/d/e/2PACX-1vQeBPGXB5xGJ9m7RA7RGTEFgpWSAbr-nlOeOYerk4PG0IM_-6b148qM8RUERKw1GhKG5Z5rQpiUaSEF/pub Outsourcing director notice

Dear berkeley.edu member, As a precautionary measure we have restricted access to your account until your validate has been changed . To prevent further irregular activity, you will be unable to send out any emails unties issue has been resolved To fix security info, click below to validate.

Hello, How are you doing today? This is Barnes Beckwith. I saw your contact at the University of California, Berkeley, Department of East Asian Languages and Literatures under the Directory's portal. I seek a private beginner's language tutor for my Daughter. I would like to know if you have a STUDENT/TUTOR available for the job. As you will be unable to teach her owing to your BUSY SCHEDULE/STATUS, you can RECOMMEND one of your STUDENT(s) who is capable of teaching. Due to the Covid-19 Pandemic, the teaching could be done remotely. This depends on the tutor's directive. Looking forward to hearing from you.

Employee Crook, Each year, as an employee of University of California, Berkeley you are eligible to schedule a phone call, teleconference, or in-person meeting off campus with a representative for answers to your specific state, federal and individual retirement benefit questions. At your consultation you will be provided with information on what your expected income will be from UCRP when you retire, and how much longer you will have to work. You will also receive advice on the best ways to utilize your 401(a) options with your UCRP and/or Social Security benefits. *Please be sure to indicate which type of appointment you prefer (off-campus, phone call, or teleconference) in the notes section while scheduling. Please also include your direct cell phone number.*

Dear students, Berkeley University Of California health professionals have been closely monitoring the spread of COVID-19 over the past two months.Therefore the university is organizing an online part time job to sustain the students living.I'm happy to inform you that our reputable company CORESTAFF SERVICES Inc®,is currently running a student empowerment program. KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION. Kind Regards Donna Lisa HR Manager/Consultant CORESTAFF SERVICES Inc®

Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company Cisco Inc® is currently running a student empowerment program. This program is to help devoted and hardworking students secure a part time job which does not deter them from doing any other, you just need a few hours to do this weekly and with an attractive weekly wages. KINDLY EMAIL BACK WITH YOUR ALTERNATE EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.

Are you available ? No calls text only 9513072XXX BEST REGARDS Carol T Christ Chancellor Berkeley University of California

This call is from the Department of Social Security Administration. The reason you have received this phone call from our department is to inform you that we just suspend your Social Security number because we found some suspicious activity, so if you want to know more about it just press 1, thank you.

XXX has invited you to view the following document: Open in Docs

Dear Student, Your access to your library account is expiring soon due to inactivity. To continue to have access to the library services, you must reactivate your account. For this purpose, click the web address below or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to your library profile. https://auth.berkeley.edu/cas/login?service=https%3a%2f% If you are not able to login, please contact at xxxxx@berkeley.edu for immediate assistance.

A targeted phishing message was received on campus appearing as an expiration notice for access to bCourses. The message attempted to trick recipients to login with CalNet credentials to prevent access expiration

Dear Customer, We could not deliver your item. You can review and print complete details of shipping duty on your order. Thanks

Dear User, Someone else was trying to use your Berkeley ID to sign into iCloud via a web browser. Date and Time: 28 October 2016, 1:38 PM Browser: Firefox Operating System: Windows Location:Thailand If the information above looks familiar, you can disregard this email. If you have not recently and believe someone may be trying to access your account, you should Click Here . Sincerely, Technical Support Team

Hello, Please sign the attached contract with our technical service company for 2016 � 2017. We would appreciate your quick response. King regards, Cynthia Curtis (Digital-Signature: f0a0e01386d19b03736165288026cc97e325560c78700e95)

Dear User, This message is to inform you that your access to bCourses will soon expire. You will have to log in to your account to continue to have access to this service. You need to reactivate it just by logging in through the following URL. A a successful login will activate your account, and you will be redirected to your bCourses page. http://bcourses.berkeley.cnea.gq/login_0DZbL4B22o0ki22F0IZotK2LqgZijDXvf... If you are not able to login, please contact Mary Patel at mpatel@berkeley.edu for immediate assistance. Sincerely, Mary Patel Berkeley Security University of California, Berkeley 510-643-6927 mpatel@berkeley.edu

A phishing message purporting to be from the International Rescue Committee regarding IT maintenance has been circulating on campus. The message requests that the recipient upgrade their mailbox size by selecting a link that redirects to a malicious website.

We detected unknown IP access on our date base computer system our security requires you to verify your account for secure security kindly Click Here and verify your account. ​ Help Desk​

I need all our employee's reference copies of 2015 W-2 wages and tax statement, i am working on a review and if you can work on the W2's and have it sent to me as an attachment this morning that will be splendid. Via email would be appropriate. Regards. Janet Napolitano.

Your password will expire in 2 days, Click Here to re-change your password immediately. Thank you, IT- Help Desk SEED IS PROUD TO BE A 21st CENTURY COMMUNITY LEARNING CENTER. LEGAL DISCLAIMER - The information contained in this communication (including any attachments) may be confidential and legally privileged. This email may not serve as a contractual agreement unless explicit written agreement for this purpose has been made. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication or any of its contents is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender indicating that it was received in error and delete the original message and any copy of it from your computer system.

This is an urgent request to update your employment record at the U.S Department of Labor.

Dear xxx@berkeley.edu Your parcel (shipping document) arrived at the post office. Here is your Shipping Document/Invoice and copy of DHL receipt for your tracking which includes the bill of lading and DHL tracking number, the new Import/Export policy supplied by DHL Express. Please kindly check the attached to confirm accordingly if your address is correct, before we submit to our outlet office for dispatch to your destination. Label Number: E727D5151D Class: Package Services Service(s): Delivery Confirmation Status: eNotification sent Find attached the full statement information and a full list of outstanding Invoices. Your item will arrive in two (2) days time, and within the agreed credit term as stated on your Invoice. We would like to thank you for using the services of DHL Express. Read the enclosed file for details.

Dear Dr.