Frequently Asked Questions - Phishing

Questions about Phishing and how you can protect yourself against these extremely common scams

How would I know if my CalNet credentials were compromised?

You may not always know. Scams and malware that steal passwords are designed to be stealthy and to go unnoticed.
 
Passwords are most frequently compromised in one of three ways:
  • Being tricked into giving up your credentials at a real-looking but scam website (AKA Phishing)
  • Malware or other compromises of your device that install software designed to run in the background and steal passphrases
  • Re-using CalNet credentials on non-UCB websites that are then hacked, exposing all credentials

Who do I contact if I think my CalNet credentials were compromised?

If you believe your CalNet credentials have been compromised, you must reset your CalNet passphrase immediately.

STUDENTS:

Why is understanding the risk of Phishing important?

Phishing attacks are an ongoing threat to campus and are becoming increasingly sophisticated. Successful Phishing attacks can cause financial loss for victims and put their personal information at risk. 

What is Phishing?

Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen on campus in the form of malicious emails pretending to be from credible sources such as UC Berkeley technology departments or financial organizations related to the university.

By tricking campus users into giving away their information, attackers can:

How can I identify a Phishing scam?

The first rule to remember is to never give out any personal information in an email. No institution, bank or otherwise, will ever ask for this information via email. It may not always be easy to tell whether an email or website is legitimate, and phishing emails use social engineering tactics to create sophisticated scams.

What if my personal email account, bank account, or other accounts were compromised?

  • Immediately change your passwords for any potentially compromised accounts
  • Contact your bank or financial advisor to let them know your accounts may be compromised and ask them to put a fraud alert on your accounts
  • Regularly check your bank and financial statements and credit reports to identify any false charges or suspicious activity

How do I report a Phishing or suspicious email?

If you receive an email you are not sure about, forward the suspicious email -- don't reply -- to consult@berkeley.edu or call the ITCS Service Desk at 510-664-9000. The email can be blocked from the campus system to prevent others from falling victim to the Phishing attack.

Do I only need to worry about Phishing attacks via email?

No. Phishing attacks can also occur through phone calls, texts, instant messaging, or malware on your computer that tracks how you use your computer and sends valuable information to identity thieves. It is important to be vigilant at all times and remain suspicious of sources that ask for your credentials and other personal information.