What makes this a Phishing message?
This message is a somewhat clever attempt to fool the recipient, claiming that there may have been some unauthorized account access from Thailand. The sender address has been forged to appear to come from CSS-IT. Without looking at this message closely, the following clues could be missed:
- The subject line "Email Account Upgrade" has nothing to do with the warning contained in the message.
- The generic greeting "Dear User" is suspicious - a notification concerning unauthorized account access should be directed to a person by name, and the term "Dear" is inappropriate.
- A campus account is referred to as a "CalNet ID", not a "Berkeley ID".
- The "Click Here" short URL link is highly suspicious - never trust a short link that obfuscates the true link destination.
A recipient who read this message in haste could easily click on the link, which likely leads to a site that silently transfers malware to their computer.
Subject: Email Account Upgrade
Date: 10/28/2016 4:38 PM
Someone else was trying to use your Berkeley ID to sign into iCloud via a web browser.
Date and Time: 28 October 2016, 1:38 PM