Our office has received a number of reports recently of bogus offers for free or discounted convert tickets offered in UCB student platforms (discord, chatgroups, etc.).
All News
July 25, 2025
July 15, 2025
July 15, 2025: We are starting to see another wave of phishing attacks designed to steal credentials and reroute UCPath Direct Deposit.
What makes these phishing?
The newest fake emails may reference a pending investigation of misconduct, to which they then ask you to enter your CalNet credentials on a very authentic-looking, but fake, CAS page.
May 15, 2025
We are seeing a spike in sophisticated tactics used to phish for credentials that are then used in concert with other methods to redirect direct deposit routing in UCPath.
These new tactics involve phishing emails, text messages, and highly accurate - but fake - UCPath websites.
April 24, 2025
This is a notice from the Information Security Office to alert you of a medium-severity vulnerability that affects the Trellix HX management console for our EDR agent. This vulnerability can only be exploited by manipulating a previously compromised endpoint agent to send a malformed event to the console. The patch was applied to the console, and no change is needed on the endpoints.
April 17, 2025
Unknown parties are sending fake Google Doc Shares with an urgent subject line. They usually refer to lawsuits or debt collection.
The bad actor is using the same Google Doc service, so the 'from' email will be the service email (via Google Drive)" <drive-shares-noreply@google.com>. The name of the sender
"Lаthаm & Wаtkins Dеbt ...
"MоrgɑnLеwis© - Suppоrt...
is made to sound official but is fake.
April 9, 2025
Many bMail account holders have recently received fake messages indicating an ACH Payment or Electronic Fund transfer.
March 13, 2025
The University of California's Cyber-Risk Coordination Center (C3) published its 2024 Annual Report. The report highlights progress in improving cybersecurity across the university. The insights in the report underscore the UC's commitment to staying ahead of emerging threats and continuously improving its cybersecurity posture.
March 11, 2025
We’ve made some changes to our network security setup, which will affect how you experience logging into the campus bSecure VPN.
Why the Change?
-
Better security - This new method allows you to use your preferred browser, so outdated browsers like Internet Explorer (which is no longer supported and receiving security patches) won’t be used.
January 22, 2025
An ineligible former Summer Session student is attempting to contact faculty directly and be added to many bCourses.
What makes this a phishing message?
In the Spring of 2024, a very similar incident occurred. The messages are usually send from an @gmail.com account, but may come from @berkeley.edu emails.
January 21, 2025
This phony Staff Assessment notification was received by many bMail users. It is part of a credential stealing attempt.
What makes this a phishing message?
The senders email is not a @berkeley.edu email, likely a compromised account from the Austin, TX school district @austinisd.org
This targeted phishing scam uses urgency indicating a task to complete.
The target page below is a free Jot webform. campus users will never be asked to enter their CalNet credentials in any site that is not a UCB CAS authentication page.
December 4, 2024
This phony email was sent impersonating a UC Berkeley administrative department. It was attempting to get users to click with a bogus $2,250 financial bonus for eligible faculty and staff.
What makes this a phishing message?
The sender is not an @berkeley.edu sender and the login page is NOT an official CalNet CAS page.
This targeted phishing scam uses financial motivation and curiosity to attempt to get campus affiliates to send their usernames, emails, and passwords.
December 2, 2024
This fake email termination message was received by many users allegedly telling them their campus email account would be suspended.
Commonly used phony subject lines include:
'ADVANCE WARNING'
'***Urgent*** Your Account Will Be Suspended'
'ATTENTION!!! Actin Needed Now'
Tips if Something Seems Off:
UC Berkeley Help Desks will NEVER initiate contact directly via test to personal cell phone numbers
This is a fraudulent offer for a remote assistant position. The scammer will impersonate a real UCB professor or department and try to take the conversation offline to a 'personal email' address.
Common bogus email subject lines include:
'Approved Part - Time Job ( Offer For Staffs & Students )'
'VIRTUAL PERSONAL ASSITANT JOB (REMOTE)'
'**NEW INTERNSHIP OFFER**'
'Internship Opportunities at University of California, Berkeley'
'Research Assistant Position'
November 12, 2024
This fake email was sent to a number of teaching faculty members, alerting them falsely that they were exposed to a student in class with Covid.
What makes this a phishing message?
This targeted phishing scam pretending to be a UC WarnMe Health alert.
This targeted phishing scam uses urgency and fear to cause the recipients to act, the text is also very well done and the non-UCB link is obscured.
Tips if Something Seems Off:
UC Berkeley Help Desks will NEVER initiate contact directly via text to personal cell phone numbers.
October 1, 2024
What makes this a phishing message?
This is a classic 'sextortion' hoax from a random GMail email address.
https://www.bbb.org/article/news-releases/20517-scam-alert-beware-of-sextortion-emails
Tips if Something Seems Off:
The anonymous fraudster is now using leaked home address information to induce more fear in the recipients. The data likely came from a recent data breach, possibly the National Public Data (NPD) data release.
What makes this a phishing message?
This email has been specifically targeting UC Berkeley Executives and asks them to click a link and enter their credentials to review an employee termination agreement.
Tips if Something Seems Off:
The sender name indicates an official Docusign like service, but is allegedly from OnlineSIGN-DOC, EDOC-ReadytoSign, or OnlineSignDESK-Ready.
September 5, 2024
Overview
Every Windows product has a lifecycle, and that lifecycle ends when it no longer receives security updates or fixes, software updates, and/or technical support. On October 14, 2025, Microsoft will discontinue support for the Windows 10 Operating System. Without security patches, these systems will be easy targets for hackers, malware, and viruses.
July 3, 2024
This phony potential Covid contact alert was received by many users sent to their Campus bMail accounts.
What makes this a phishing message?
This targeted phishing scam is using a fake UC Berkeley email address
From: UC Berkeley Alerts <CHI-Information@case.edu>
This targeted phishing scam directs user to a bogus CAS authentication page..
June 11, 2024
This fake email termination notification was received by many users on their personal cell phone numbers via text message.
What makes this a phishing message?
This targeted phishing scam is pretending to be a UC Berkeley technician and uses urgency and fear to cause the recipients to act, threatening loss of service (email).
Tips if Something Seems Off:
UC Berkeley Help Desks will NEVER initiate contact directly via test to personal cell phone numbers
May 7, 2024
This is a notice from the Information Security Office to alert you to a vulnerability that impacts the R programming language. Please share this alert internally with IT admins, service owners, and researchers who run the product so they are aware and know what actions to take to address this vulnerability.
- 1 of 9 Full listing: News (Current page)
- 2 of 9 Full listing: News
- 3 of 9 Full listing: News
- 4 of 9 Full listing: News
- 5 of 9 Full listing: News
- 6 of 9 Full listing: News
- 7 of 9 Full listing: News
- 8 of 9 Full listing: News
- 9 of 9 Full listing: News
- next › Full listing: News
- last » Full listing: News