April 1, 2017
What makes this a Phishing message?
This email message was well crafted to fool recipients into logging into a forged CalNet authentication site to steal their credentials. It appeared to come from an authentic campus email address, and the instructions are clearly written, without the tell-tale typos or grammatical errors usually found in phishing messages.
The link to the fake CalNet site is made to appear to be the real site (https://auth.berkeley.edu), but if you hover your cursor over the link, the actual hidden URL address is for a site registered in Mali.
Keep in mind when receiving emails like this that cyber criminals can easily forge an email address to appear to come from someone else, or disguise a link so it appears to be safe.
Original Message:
From: <NAME REMOVED> Date: Sat, Apr 1, 2017 at 2:09 PM Subject: Library Account To: xxxxx@berkeley.edu Dear Student, Your access to your library account is expiring soon due to inactivity. To continue to have access to the library services, you must reactivate your account. For this purpose, click the web address below or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to your library profile. https://auth.berkeley.edu/cas/login?service=https%3a%2f% If you are not able to login, please contact <Name Removed> at xxxxx@berkeley.edu for immediate assistance. Sincerely, <Name Removed> University Library University of California Berkeley |
