Questions about Phishing and how you can protect yourself against these extremely common scams
- What is Phishing?
- How can I identify a Phishing scam?
- Why is understanding the risk of Phishing important?
- What can I do to avoid Phishing attacks?
- Who do I contact if I think my CalNet credentials were compromised?
- How would I know if my CalNet credentials were compromised?
- What if my personal email account, bank account, or other accounts were compromised?
- How do I report a Phishing or suspicious email?
- Do I only need to worry about Phishing attacks via email?
What is Phishing?
Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen on campus in the form of malicious emails pretending to be from credible sources such as a UC Berkeley colleague, a technology department, or financial organizations related to the university.
By tricking campus users into giving away their information, attackers can:
- Steal money from victims (modify direct deposit information, drain bank accounts)
- Perform identity theft (run up charges on credit cards, open new accounts)
- Send spam from compromised email accounts
- Use your credentials to access other campus systems, attack other systems, steal confidential University data, and jeopardize the mission of the campus
The goal of most Phishing emails is to trick you into visiting a web site in order to steal your CalNet credentials. Attackers will set up web sites under their control that look and feel like legitimate web sites. Often the Phishing emails will have an immediate call to action that demands you to "update your account information" or "login to confirm ownership of your account". If you enter your CalNet credentials into these illegitimate web sites you are actually sending your CalNet username and password directly to the attackers.
How can I identify a Phishing scam?
The first rule to remember is to never give out any personal information in an email. No institution, bank or otherwise, will ever ask for this information via email. It may not always be easy to tell whether an email or website is legitimate, because phishing emails use social engineering tactics to create sophisticated scams.
- In the body of an email, you might see questions asking you to “verify” or “update your account” or “failure to update your records will result in account suspension.” It is usually safe to assume that no credible organization to which you have provided your information will ever ask you to re-enter it, so do not fall for this trap.
- Any email that asks for your personal or sensitive information should be scrutinized carefully and not trusted. Even if the email has official logos or text, or even links to a legitimate website, it could easily be fraudulent. Never give out your personal information.
Why is understanding the risk of Phishing important?
Phishing attacks are a constant threat to campus and are becoming increasingly sophisticated. Successful Phishing attacks can:
- Cause financial loss for victims
- Put their personal information at risk
- Put university data and systems at risk
We encourage the UC Berkeley community to take an active role in protecting themselves against phishing attacks. Use our helpful tips in our Fight the Phish campaign to recognize and report phishing attacks.
What can I do to avoid Phishing attacks?
- If you are worried about an account, call the organization which maintains it (like your bank)
- Check the email address: does it really match the text of the email? Does it match the legitimate email of the organization it is supposed to be tied to?
- Check the security certificate of any website into which you are entering sensitive data. Its address should usually begin with https://, and some browsers will display padlock symbols in the address and status bars. Anything on a website saying it is safe can be falsified and is not verified by the browser you are using, and so shouldn't be trusted.
- Keep your software current
- Install antivirus software
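The sender-address and link checks in the list above can be applied mechanically. The following Python script is an added example written for this page (it is not a campus tool); it runs the checks against two constructed sample messages. The organisation domain `berkeley.edu`, the sample addresses and the `example.net` hosts are assumptions made for the illustration.

```python
"""Heuristic checks for the phishing signs described above (example code)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Calls to action the page lists as typical of phishing emails.
URGENCY_PHRASES = ("update your account", "verify", "account suspension", "confirm ownership")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-cased host of a URL or bare 'domain/path' string ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _belongs_to(host, org_domain):
    """True if host is org_domain itself or a subdomain of it."""
    return host == org_domain or host.endswith("." + org_domain)


def check_message(raw_message, org_domain):
    """Return human-readable findings for a single-part RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Does the sender address match the organisation the display name claims?
    display_name, address = parseaddr(msg.get("From", ""))
    sender_host = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    if org_domain.split(".")[0] in display_name.lower() and not _belongs_to(sender_host, org_domain):
        findings.append(f"sender display name '{display_name}' but address domain '{sender_host}'")

    # 2. Urgent "update/verify or lose your account" wording in the body.
    body = msg.get_payload()  # assumes a single text/html part (constructed samples below)
    for phrase in URGENCY_PHRASES:
        if phrase in body.lower():
            findings.append(f"urgent call to action: '{phrase}'")

    # 3. Links: plain http, link text that shows one host but points to another,
    #    or any destination outside the organisation's domain.
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        parsed = urlparse(href)
        target = (parsed.hostname or "").lower()
        if parsed.scheme != "https":
            findings.append(f"link without https: {href}")
        shown = _host(text) if re.search(r"\w\.\w", text) else ""
        if shown and shown != target:
            findings.append(f"link text shows '{shown}' but points to '{target}'")
        if not _belongs_to(target, org_domain):
            findings.append(f"link to host outside {org_domain}: '{target}'")
    return findings


# Constructed sample messages (hypothetical addresses and hosts).
SAMPLE_PHISH = """\
From: UC Berkeley CalNet Support <calnet-support@example.net>
To: user@berkeley.edu
Subject: Action required
Content-Type: text/html

<p>Failure to update your records will result in account suspension.</p>
<p>Please <a href="http://calnet-login.example.net/verify">https://calnet.berkeley.edu/login</a> to update your account.</p>
"""

SAMPLE_LEGIT = """\
From: CalNet Team <calnet@berkeley.edu>
To: user@berkeley.edu
Subject: Scheduled maintenance
Content-Type: text/html

<p>Details are posted at <a href="https://calnet.berkeley.edu/status">calnet.berkeley.edu/status</a>.</p>
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SAMPLE_PHISH), ("legitimate", SAMPLE_LEGIT)):
        print(label, check_message(sample, "berkeley.edu"))
```

The script reports the constructed suspicious message on all three counts (a display name claiming the campus but an outside address, urgency wording, and a link whose visible text shows a berkeley.edu address while pointing elsewhere over plain http) and returns no findings for the legitimate one. These are heuristics in the spirit of the list above, not a substitute for the reporting steps described later on this page.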
Who do I contact if I think my CalNet credentials were compromised?
If you believe your CalNet credentials have been compromised, you must reset your CalNet passphrase immediately.
- Contact the Cal 1 Card Office at 180 Cesar Chavez Center
- Email email@example.com or call (510) 643-6839
FACULTY, STAFF, AFFILIATES, AND GUESTS:
- Contact your CalNet Deputy. A list of CalNet Deputies by department is available.
How would I know if my CalNet credentials were compromised?
CalNet credentials are commonly compromised by:
- Being tricked into giving up your credentials at a real-looking but scam website (AKA Phishing)
- Malware or another compromise of your device that installs software designed to run in the background and steal passphrases
- Reusing your CalNet credentials on non-UCB websites that are then hacked, exposing all of their stored credentials
However, a couple of tell-tale signs of credential compromise are:
- Your colleagues and friends have received unexpected messages from your email account (spam or additional Phishing emails)
- You suddenly cannot log in with your CalNet credentials because an attacker has changed your passphrase
- Know how to evaluate whether websites asking for your passphrase are legitimate. When in doubt, ask by sending an email to firstname.lastname@example.org or by contacting ITCS at 510-664-9000
- Only use devices that are up-to-date. This means patches for all software are installed as soon as the patches become available, that the browsers are configured for maximum security, and the device otherwise meets the campus Minimum Security Standards for Networked Devices.
- Do not reuse your CalNet passphrase for other websites
If in doubt regarding the security of your CalNet account, change your CalNet passphrase!
When changing your CalNet passphrase, be sure to do so from a machine you believe is not infected by malware or otherwise compromised. Anti-malware and antivirus scans should result in a "clean" report (no infections) for the machine you intend to use to change your CalNet passphrase from.
Note: The Information Security Office is sometimes informed when passwords associated with UC Berkeley accounts are exposed in public forums or discovered during breach investigations. In these cases, we may test the exposed passwords to see if they are valid CalNet passphrases. If a passphrase is validated, it will be scrambled immediately and the account deactivated until the account owner is contacted to create a new passphrase. This testing is done only for validation purposes and is not used for access to the account holder's email or other electronic services.
Please see Why did I get a Credential Exposure notice and what should I do? for information on what to do if you receive an ISO Security notification for exposure of your account credentials.
What if my personal email account, bank account, or other accounts were compromised?
- Immediately change your passwords for any potentially compromised accounts
- Contact your bank or financial advisor to let them know your accounts may be compromised and ask them to put a fraud alert on your accounts
- Regularly check your bank and financial statements and credit reports to identify any false charges or suspicious activity
If you believe you are a victim of identity theft, please see the Federal Trade Commission's Immediate Steps to Repair Identity Theft.
How do I report a Phishing or suspicious email?
Reporting suspicious emails can dramatically reduce the duration and impact of an active phishing attack.
Using the bMail web interface:
- Open the message
- To the right of the 'Reply' arrow, select 'More' (typically denoted with three vertical dots)
- Then 'Report phishing'
Reporting through Google allows the email to be blocked, preventing further attacks from it and helping to stop others from falling victim to the attack.
If you are unable to log into bMail, forward the message to email@example.com or call the ITCS Service Desk at 510-664-9000.
Do I only need to worry about Phishing attacks via email?
No. Phishing attacks can also occur through phone calls, texts, instant messaging, or malware on your computer that can track how you use your computer and send valuable information to identity thieves. It is important to be vigilant at all times and remain suspicious of sources that ask for your credentials and other personal information.