Phishing Example: bCourses Expiration Notice

January 25, 2017

What makes this a Phishing message?

This phishing message attempted to trick recipients into entering CalNet credentials into a fake CalNet authentication page to prevent access to bCourses from expiring.

The main clue that this is a phishing message is the inordinately long URL address link to bCourses.  If you hold your cursor over the link, you will see that the underlying destination address is not the real bCourses site.

Original Message:

Dear User,

This message is to inform you that your access to bCourses will soon expire. You will have to login to your account to continue to have access to this service.
You need to reactivate it just by logging in through the following URL. A successful login will activate your account and you will be redirected to your bCourses page.


If you are not able to login, please contact Danielle Patel at for immediate assistance.


Danielle Patel
Berkeley Security
University of California, Berkeley

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to