This phony Assessment notification was received by many bMail users. It is part of a credential stealing attempt.
What makes this a phishing message?
The senders email is not a @berkeley.edu email, often a @gmail.com, @outlook.com, or netzero.net account.
This targeted phishing scam uses urgency indicating a task to complete.
The target page below is a non-UC Berkeley Google form. Campus users will never be asked to enter their CalNet credentials in any site other than a UC Berkeley CalNet CAS authentication page.
The most recent Frauds have had subject lines like:
- Please Review Your 2025 Assessment Report
- [All Staff] Staff Assessment Reports Aug 25-29
- Evaluation Analysis Reports for Staff Directory – 2025
Tips if Something Seems Off:
- The link leads to a non CalNet CAS page and asked for campus credentials.
- The email was unexpected and from an unknown sender.
- It tries to create an emergency situation to make the recipient act quickly without examining the message.
- The alleged sender claims to be a campus department with authority.
- There is an incentive (raise, promotion, etc.).
Follow up with the sender separately
If you didn’t expect it, reject it. Or follow up with the individual directly in a separate email or call/text to confirm.
Report and/or flag it
- Open the message
- To the right of the 'Reply' arrow select 'More' (typically denoted with three vertical dots)
- Then 'Report phishing'
Original Message:
