PHISHING EXAMPLE: English Dept. (Prof. Duncan) Job Offers

January 19, 2022

What makes this a phishing message?

This very simple, but effective, targeted phishing scam used the name of an actual Berkeley professor to send out a call for research assistant work, with the intention of stealing money from the victims.

There are a few clues that the message is a forgery:

  • The criminal is sending from a account instead of an address
    • a sample of the emails used:

  • The criminal also used several different subject lines including:

University of California
University of California Berkeley
Re: RA position
Re: Research position
Re: Student RA Application
Urgent Reply Is needed


  • If you receive an email containing a message that you did not expect, especially with words like "Urgent" or "Response Needed" do not engage. 
  • If the email is unsolicited and offers money, do not engage.
  • If you are ever unsure if an email is legitimate, please reach out to

If you have received one of these messages and shared correspondence with the scammer, we recommend that you cease correspondence immediately and contact UCPD if there have been any financial transactions.

Original Message:

From: Various
Subject: Various

University of California, Berkeley. Dept English urgently requires the

services of student research assistants to work remotely and get paid $
350 weekly.

The research position is open to students from any department of the
institution and tasks can be carried out remotely.
To proceed with the application process, contact Dr.Ian Duncan on
(415)763-5246* via text message stating your full name, email address,
year of study, and department to receive the job description and further
application requirements.

Best regards

Ian Duncan(Professor)

English Department
University of California, Berkeley

*Alternate phone number used:
contact Dr.  Ian Duncan on  (408) 389-0149

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to