Phishing Example: Library Account

April 1, 2017

What makes this a Phishing message?

This email message was well crafted to fool recipients into logging in to a forged CalNet authentication site so that their credentials could be stolen. It appeared to come from an authentic campus email address, and the instructions were clearly written, without the telltale typos or grammatical errors usually found in phishing messages.

The link to the fake CalNet site is made to look like the real site (https://auth.berkeley.edu), but if you hover your cursor over the link, the actual destination URL is a site registered in Mali.

Keep in mind when receiving emails like this that cyber criminals can easily forge an email address to appear to come from someone else, or disguise a link so it appears to be safe.

Original Message:

From: <NAME REMOVED>
Date: Sat, Apr 1, 2017 at 2:09 PM
Subject: Library Account
To: xxxxx@berkeley.edu


Dear Student,

Your access to your library account is expiring soon due to inactivity. To
continue to have access to the library services, you must reactivate your
account. For this purpose, click the web address below or copy and paste it
into your web browser. A successful login will activate your account and
you will be redirected to your library profile.

https://auth.berkeley.edu/cas/login?service=https%3a%2f%


If you are not able to login, please contact <Name Removed> at
xxxxx@berkeley.edu for immediate assistance.

Sincerely,

<Name Removed>
University Library
University of California Berkeley

Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu.  Be sure to include the entire text of the message, including the email header.