July 15, 2025: We are starting to see another wave of phishing attacks designed to steal credentials and reroute UCPath Direct Deposit.
What makes these phishing?
The newest fake emails may reference a pending investigation of misconduct, to which they then ask you to enter your CalNet credentials on a very authentic-looking, but fake, CAS page.
Odd URLs ending with /auth.berkeley.edu.
- proplas[.]ca/auth.berkeley.edu
- satisartirmamerkezi[.]com/auth.berkeley.edu
- img2.juvlon[.]com/auth.berkeley.edu
The most recent frauds have had subject lines like:
- Compliance Notice – Review of Submitted Misconduct Incident
- Classroom Misconduct Report – Acknowledgment Required
- Confidential Misconduct Activity Report - Action Requested
Tips if Something Seems Off:
- Don't click on a link unless it goes to a URL you trust.
- Look at the email before replying. Is it unexpected? Does the request make sense? When in doubt, reach out to the sender, separately, by phone or directly emailing them (not replying to the email).
- The emails that create urgency and fear are usually fake. Scammers may insist that immediate action is necessary and pretend to be a friend, colleague, or another trusted entity
Follow up with the sender separately
If you didn’t expect it, reject it. Or follow up with the individual directly in a separate email or call/text to confirm.
Report and/or flag it
Open the message
To the right of the 'Reply' arrow select 'More' (typically denoted with three vertical dots)
Then 'Report phishing'
For suspicious messages received by text, please take a screenshot and forward the message to phishing@berkeley.edu. For more information visit https://security.berkeley.edu/resources/phishing
Original Messages:
Example #1:
From: "Lobachev, Kirill S" <kirill.lobachev@biology.gatech.edu
Subject: Confidential Misconduct Activity Report - Action Requested
Date: July 14, 2025 at 9:23:37 PM PDT
Greetings Professor,
I hope this message finds you well. A recent administrative summary submitted to our office includes a mention of one of your recent lectures. While no further steps are being taken at this time, we ask that you review the overview and confirm acknowledgment of the university’s instructional standards.
To view the summary, please visit the following link:
[Review Document <https://img2[.]juvlon.com-/auth.berkeley.edu/]
Additional information:
This communication is intended for internal university review only.
You are not the focus of the entry, though your name is included in context.
The review is part of our ongoing instructional review cycle.
We appreciate your prompt attention to this matter, which supports our standard academic procedures.
Please feel free to reply to this message if you have any questions or encounter access issues.
Sincerely,
Kirill Lobachev
Office of Student-Faculty Relations
Academic Standards Committee
University of California, Berkeley
Example #2:
From: Azzouni, Jody <Jody.Azzouni@tufts.edu>
Date: Mon, Jul 14, 2025 at 6:31 AM
Subject: Compliance Notice – Review of Submitted Misconduct Incident Report
Dear Professor,
A classroom report recently submitted to our office includes a reference to
one of your lectures. While no formal investigation is being initiated, we
ask that you review the summary and acknowledge the university’s Faculty
Code of Conduct guidelines in accordance with our standard process.
View Report Summary
[Access Report <https://proplas[.]ca-/auth.berkeley.edu/>]
Important Notes:
This report is for internal use only and should not be printed or shared.
You are not the subject of the concern, but your name may appear
contextually.
Reviewing this material is part of our routine oversight process.
Completing this step helps ensure ongoing instructional eligibility and
supports transparency across the academic environment.
If you have questions or encounter access issues, please don’t hesitate to
reply.
Sincerely,
Jody Azzouni
Office of Student-Faculty Relations
Academic Standards Committee
University of California, Berkeley