What makes this a Phishing message?
The header information is missing from this message, so there is not much here that might help identify this email as fraudulent. A couple of clues do stand out:
- Instructions from IT Support or Security requesting for you to click on a link and enter credentials to prevent your access from expiring is a very common ploy to trick users into exposing their account name and password. Don't fall for it.
- The URL link is highly suspicious and dangerous:
- The top-level domain of the host "bcourses.berkeley.cnea.gq" is from Equatorial Guinea.
- The long list of characters following "login" is unusual and should alert the recipient that something is amiss.
- The URL link leads to a login page that looks exactly like the Calnet login - but it is a fake that is designed to steal your account name and password.
- If you search the campus directory, you will find there is no Mary Patel in Security.
This message is to inform you that your access to bCourses will soon
You need to reactivate it just by logging in through the following URL. A
If you are not able to login, please contact Mary Patel at firstname.lastname@example.org for immediate