What can I do to avoid Phishing attacks?

Review these 5 essential tips to avoid being "Phished":

  1. Passwords in Email = Epic Fail. Never send your passwords in an email!
  2. If you didn't expect it, reject it. Don't click unexpected links!
  3. Hover to Discover. Look out for deceptive links!
  4. Check for Trash Before the Slash. Verify "https://auth.berkeley.edu/" in your browser bar before entering CalNet credentials!
  5. Is it a Phish? Drop us a line. 


  • If you are worried about an account, call the organization which maintains it (like your bank)
  • Check the email address—does it really match the text of the email? Does it match the legitimate email of the organization it is supposed to be tied to?
  • Check the security certificate of any website into which you are entering sensitive data. They should usually begin with https:// Some browsers will display padlock symbols in the address and status bars. Anything on a website saying it is safe can be falsified and is not verified by the browser you are using, and so shouldn’t be trusted
  • Keep your software current
  • Install antivirus software