What is Phishing?

Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen on campus in the form of malicious emails pretending to be from credible sources such as a UC Berkeley colleague, a technology department, or a financial organization related to the university.

By tricking campus users into giving away their information, attackers can:

  • Steal money from victims (modify direct deposit information, drain bank accounts)
  • Perform identity theft (run up charges on credit cards, open new accounts)
  • Send spam from compromised email accounts
  • Use your credentials to access other campus systems, attack other systems, steal confidential University data, and jeopardize the mission of the campus

The goal of most phishing emails is to trick you into visiting a web site in order to steal your CalNet credentials. Attackers will set up web sites under their control that look and feel like legitimate web sites. Often the phishing emails will have an immediate call to action that demands that you "update your account information" or "login to confirm ownership of your account". If you enter your CalNet credentials into these illegitimate web sites, you are actually sending your CalNet username and password directly to the attackers.