Below is a widely used spear phishing scam, termed “Business Email Compromise (BEC)” and also known as CEO Fraud. These attacks are spear phishing scams designed to impersonate someone you know in an attempt to gain access to sensitive information or to encourage you to transfer funds or provide gift cards.
Tips if Something Seems Off:
Double-check the email address before responding
Look to make sure the email address is correct. In Gmail, hover your mouse over the sender name to display the email address. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.
Follow up with the sender separately
If you didn’t expect it, reject it. Or follow up with the individual directly in a separate email or call/text to confirm.
Report and/or flag it
To flag it in bMail, open the message and, next to Reply, click the three dots and select "Report phishing". Not sure if it's a phish? Email consult@berkeley.edu or call 510 664-9000. For more information visit https://security.berkeley.edu/resources/phishing
Examples of these types of attacks include:
Original Message:
From: cchristberkeley.edu@gmail.com
No calls text only 9513072XXX
BEST REGARDS
Carol T Christ
Chancellor
Berkeley University of California
Original Message (Additional Examples):
From: XXX.subdomain.berkeley.edu

From: xxx@gmail.com
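The "double-check the email address" tip can also be applied automatically when triaging reported messages. The script below is an added example, not part of the original page or any campus tooling; the function name `check_sender`, the reason strings and the protected-name list are assumptions for illustration, and the sample messages are constructed from the example above.

```python
import re
from email.utils import parseaddr

ORG_DOMAIN = "berkeley.edu"            # the organisation's domain, as on the page
ORG_LABEL = ORG_DOMAIN.split(".")[0]   # "berkeley"
PROTECTED_NAMES = ["carol t christ"]   # assumed watch list; name from the page's sample

def _norm(text):
    """Lower-case and collapse punctuation/whitespace so names compare loosely."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text.lower()).split())

def check_sender(from_header, body=""):
    """Return reasons a message looks like impersonation (empty list = none found)."""
    display, addr = parseaddr(from_header)
    local, at, domain = addr.lower().rpartition("@")
    if not at or not local or not domain:
        return ["unparseable-address"]
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        # Internal address: this header check has nothing to say. It does not
        # prove the message is genuine (spoofed or compromised accounts exist).
        return []
    reasons = []
    if ORG_LABEL in local:
        # e.g. the organisation's name pasted in front of "@gmail.com"
        reasons.append("org-name-in-local-part")
    if ORG_LABEL in domain:
        # e.g. the real domain used as a prefix of someone else's domain
        reasons.append("org-name-in-external-domain")
    claimed = _norm(display + " " + body)
    if any(name in claimed for name in PROTECTED_NAMES):
        reasons.append("protected-name-from-external-sender")
    return reasons

# Constructed samples (phone number omitted from the body).
SAMPLES = [
    ("cchristberkeley.edu@gmail.com", "No calls text only BEST REGARDS Carol T Christ Chancellor"),
    ('"Carol T Christ" <xxx@gmail.com>', ""),
    ("someone@berkeley.edu.example.com", ""),
    ("someone@berkeley.edu", ""),
]

if __name__ == "__main__":
    for header, body in SAMPLES:
        print(header, "->", check_sender(header, body) or "no findings")
```

An empty result only means this header check found nothing; the separate follow-up with the sender is still the confirming step.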