Phishing Example: Evaluation of UCRP Benefits for University of California, Berkeley

July 5, 2020

Below is a phishing email currently targeting campus users. These attacks are phishing scams designed to get you to click on a malicious link and/or attempt to gain access to sensitive information.

Tips if Something Seems Off:

Follow up with the sender separately

If you didn’t expect it, reject it. Or follow-up with the individual directly in a separate email or call/text to confirm.

Report and/or flag it

To flag it in bMail open the message and next to Reply click the three dots and select "Report phishing". Not sure if it's a phish? Email or call 510 664-9000. For more information visit

Examples of these types of attacks include:

Original Message:

---------- Forwarded message ---------
From: Holly Judge
Date: Sun, Jul 5, 2020 at 11:50 AM
Subject: Evaluation of UCRP Benefits for University of California, Berkeley
Employee Crook,
Each year, as an employee of University of California, Berkeley you are
eligible to schedule a phone call, teleconference, or in-person meeting off
campus with a representative for answers to your specific state, federal
and individual retirement benefit questions.
At your consultation you will be provided with information on what your
expected income will be from UCRP when you retire, and how much longer you
will have to work. You will also receive advice on the best ways to utilize
your 401(a) options with your UCRP and/or Social Security benefits.
*Please be sure to indicate which type of appointment you prefer
(off-campus, phone call, or teleconference) in the notes section while
scheduling. Please also include your direct cell phone number.*
Appointments fill up quickly. Secure your spot by clicking on the link
below or simply reply “yes” to this email.
http://app.publicemployeeretirementassistance dot com- [Link has been shortened for your safety.] Notice that the site is insecure - not https://
All licensed representatives are not employees of the college or UCRP.
To opt out of future mailings, click on the following link:

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to