Phishing Example: Message from human resources

April 13, 2017

What makes this a Phishing Message?

The cyber criminal responsible for this phishing scam put some effort into making this email message appear to be legitimate.  The sender email address has been faked to appear to come from the campus HR department and the document link led to a fake Calnet login page.  There is one clue that the message is a forgery:

  • If you hold your mouse cursor over the "Click here" link, you can see that the destination is not the real Calnet login page (https://auth.berkeley.edu).

Two things to remember in this situation:

Original Message:

From: "HR@berkeley.edu" <HR@berkeley.edu>
Subject: Message from human resources
Date: April 13, 2017 at 9:29:54 PM PDT
To: XXXXX@berkeley.edu

Dear XXXXX@berkeley.edu

An information document has been sent to you by the Human Resources Department.

Click here to Login to view the document.  Thank you!

Berkeley University Of California HR Department
© 2017 The Regents of the University of California.  All rights reserved.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited.

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu