A default setting in bCal may allow anyone from the internet to add you to a Google Calendar invite. This is being used to create fake spam meetings or include potentially malicious links or attachments. Any links included are as dangerous as the ones that would have been included in a phishing email.
What makes this a phishing message?
The non UC Berkeley senders are sourcing @berkeley.edu email addresses and creating the fake meeting, including subjects like:
- Bitcoin Purchase
- Payment Overdue
- McAfee Subscription Charge
Tips if Something Seems Off:
If you do not recognize the meeting organizer, their email address, or the subject, the meeting is likely fake. Also, be careful not to click on any links or attachments in the invite.
To secure your campus bCal calendar
- Open your bCal/Google calendar.
- Click the gear icon in the upper right corner, then choose settings.
- On the menu on the left, click "Event settings".
- Look for the "Add invitations to my calendar" option.
- Change this to a more secure setting; either "Only if the sender is known".
To 'Report this type of phishing'
For suspicious bCal meetings, please take a screen shot and send it via email to phishing@berkeley.edu.
For more information on phishing in general
Original Message:
