What makes this a Phishing message?
A large number (2000+) campus email accounts received a phishing email that appeared to come from Chancellor Dirks. This malicious email contained a PDF attachment, which contained a link to a site for providing personal information, including username and password, to the attacker. As far as we can tell, the attachment was not infected with malware, but out of caution please delete any copies of this email without opening the attachment.
Please note a couple of suspicious indicators in the message:
- The return address for Chancellor Dirks is for a mysterious email account from a domain outside of "berkeley.edu".
- There is no recipient address in the "To:" field, indicating the message was "blind carbon-copied" to the intended victims.
If you or anyone you support opened the attachment, followed the link and provided the requested information, please contact firstname.lastname@example.org for assistance.
|From: Nicholas B. Dirks <email@example.com>
Date: Wed, Dec 14, 2016 at 8:55 AM
Subject: Important Announcement from Chancellor Nicholas B. Dirks
Please read attached for an important announcement from Chancellor Nicholas B. Dirks
Nicholas B. Dirks
1 attachment: shared Document.pdf