What makes this a phishing message?
This email specifically targets UC Berkeley executives and asks them to click a link and enter their credentials to review an employee termination agreement.
Tips if Something Seems Off:
The sender name suggests an official Docusign-like service, but the message is allegedly from OnlineSIGN-DOC, EDOC-ReadytoSign, or OnlineSignDESK-Ready.
When the recipient hovers a cursor over the link, it points to an unknown third-party site. If the link is clicked, the target is asked to log in and the credentials are stolen.
Report and/or flag it
Open the message
To the right of the 'Reply' arrow select 'More' (typically denoted with three vertical dots)
Then 'Report phishing'
For suspicious messages received by text, please take a screenshot and forward the message to phishing@berkeley.edu
For more information visit https://security.berkeley.edu/resources/phishing
Original Message:
From: "Ready-forSignature[Doc-En3cmMFF]" <hello@uniautocleaning.co.nz>
Date: Wed, 18 Sep 2024 00:30:47 AM
Subject: <recipients email here> [Confidential]-Review Termination Agreement[Doc-Ff5mtln9].
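
The mismatch described in the tips above (a display name that claims an e-signature service while the address belongs to an unrelated domain) can be checked automatically. The following is an added example, not part of the original notice or any UC Berkeley tooling; the trusted-domain list, the keyword list and the function names are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: sender domains this organization accepts for e-signature mail.
TRUSTED_SIGNING_DOMAINS = {"docusign.com", "docusign.net"}

# Keywords taken from the display names listed in this notice, plus the brand
# they imitate. Compared after stripping punctuation and case.
SIGNING_KEYWORDS = ("docusign", "onlinesign", "readytosign", "forsignature", "signdesk")


def normalize(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def is_trusted(domain):
    """Exact match or true subdomain of a trusted domain (not a lookalike prefix)."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_SIGNING_DOMAINS)


def check_from_header(from_header):
    """Flag a From header whose display name claims an e-signature service
    while the address domain is not a trusted signing domain."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    claims = any(k in normalize(display) for k in SIGNING_KEYWORDS)
    return {
        "display_name": display,
        "domain": domain,
        "claims_signing_service": claims,
        "suspicious": claims and not is_trusted(domain),
    }


# From header quoted in the original message above.
PAGE_FROM = '"Ready-forSignature[Doc-En3cmMFF]" <hello@uniautocleaning.co.nz>'

if __name__ == "__main__":
    samples = [
        PAGE_FROM,
        '"DocuSign" <sender@docusign.net>',  # constructed: trusted domain
        '"OnlineSIGN-DOC" <notify@docusign.com.example.net>',  # constructed lookalike
    ]
    for header in samples:
        print(check_from_header(header))
```

A check like this only covers the display-name indicator; the link destination still has to be inspected separately, as the second tip describes.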