We are seeing a spike in sophisticated tactics used to phish for credentials that are then used in concert with other methods to redirect direct deposit routing in UCPath.
These new tactics involve phishing emails, text messages, and highly accurate - but fake - UCPath websites.
What makes these phishing?
- This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear and push recipients to act by scanning a QR code that leads to a malicious link.
- This targeted phishing scam uses urgency and fear to cause the recipients to act, exposing their personal information.
- The sender's address is not a @berkeley.edu address; it is likely a compromised account from the Austin, TX school district (@austinisd.org).
The most recent frauds have had subject lines like:
- My UC Berkeley profile contact.
- New Email Update
- Must Read
- Important Update
Tips if Something Seems Off:
- UC Berkeley Help Desks will NEVER initiate contact directly via text to personal cell phone numbers.
- No technician will ever ask you to send them a password, DUO push code or other secret account information, especially in an insecure way like plain text email or a text message.
- Double-check the email address before responding. Individual email users (even accounts made to look like berkeley.edu accounts) will never ask for this action.
- If the link is followed, the campus will NEVER ask for credentials to be entered on any site that is not a UCB CAS authentication page.
- Look to make sure the email address is correct. In Gmail, hover your mouse over the sender name to display the email address. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.)
- Don't click on a link unless it goes to a URL you trust.
- Look at the email before replying. Is it unexpected? Does the request make sense? When in doubt, reach out to the sender, separately, by phone or directly emailing them (not replying to the email).
- The emails that create urgency and fear are usually fake. Scammers may insist that immediate action is necessary and pretend to be a friend, colleague, or another trusted entity.
Follow up with the sender separately
If you didn’t expect it, reject it. Or follow up with the individual directly in a separate email or call/text to confirm.
Report and/or flag it
Open the message
To the right of the 'Reply' arrow select 'More' (typically denoted with three vertical dots)
Then 'Report phishing'
For suspicious messages received by text, please take a screenshot and forward the message to phishing@berkeley.edu. For more information visit https://security.berkeley.edu/resources/phishing
Original Messages:
EXAMPLE OF FAKE SPONSORED GOOGLE ADS WITH MALICIOUS SITE REDIRECT:
Example #1:
Example #2:
FROM pattersje@gosiloam.com
Dear Berkeley Team,
We are upgrading our email security to better protect your account. To ensure a seamless transition, please accept the new terms and conditions.
Accept New Terms
hxxps://its.fasoonline.com/berkeley.edu/&adfs/lsXXXXXXX.html
If you have any questions or concerns, please don't hesitate to reach out to our Help Desk team.
Thank you for your cooperation.
Best regards,
University of California, Berkeley
University of California, Berkeley | https://berkeley.edu/
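
The sender and link checks from the tips above, written out as an added Python example (not part of the original alert or any campus tooling). It is run on the addresses and links quoted on this page; the `*.example` hosts are constructed look-alikes and the function names are illustrative.

```python
from typing import Optional
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "berkeley.edu"  # campus domain named in this alert


def refang(text: str) -> str:
    """Undo the 'hxxp' / '[.]' defanging used when quoting bad links."""
    return text.strip().replace("hxxp", "http", 1).replace("[.]", ".")


def in_trusted_domain(host: Optional[str]) -> bool:
    """True only for berkeley.edu itself or a real subdomain of it."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def link_host(url: str) -> Optional[str]:
    """Host the browser would contact; the path and any userinfo are ignored."""
    return urlsplit(refang(url)).hostname


def link_is_campus(url: str) -> bool:
    return in_trusted_domain(link_host(url))


def sender_is_campus(address: str) -> bool:
    """Domain check only; a matching domain does not prove the sender is genuine."""
    local, at, domain = address.strip().rpartition("@")
    return bool(local and at) and in_trusted_domain(domain)


# Links quoted on this page, plus constructed look-alikes (*.example hosts).
SAMPLE_LINKS = [
    "hxxps://its.fasoonline.com/berkeley.edu/&adfs/lsXXXXXXX.html",  # from the alert
    "https://security.berkeley.edu/resources/phishing",              # from the alert
    "https://berkeley.edu.login.example/cas",   # constructed: name used as a prefix
    "https://berkeley.edu@login.example/",      # constructed: name used as userinfo
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{link_is_campus(link)!s:5}  {link_host(link)}  <-  {link}")
    for sender in ("pattersje@gosiloam.com", "phishing@berkeley.edu"):
        print(f"{sender_is_campus(sender)!s:5}  {sender}")
```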