THE TRAP: You are asked to enter your CalNet passphrase on what looks like the standard blue CalNet Authentication page.
YOUR DEFENSE: Always check the actual URL to make sure it starts with "https://auth.berkeley.edu/". Trusted UCB authentication pages will never have anything phishy BEFORE the first single slash. Fraudulent login screens designed to steal your credentials may LOOK authentic if you're not paying attention to the URL.
Good Example: https: //auth.berkeley.edu/cas/login?service
Bad Example: https: //auth.berrkeley.webs.com/cas/login?service
Remember: Only You can Protect your CalNet Passphrase! If you are not sure if it's a phish, send email to firstname.lastname@example.org or call 510 664-9000. For more information see: How to Detect the Authentic CalNet Login Page