What makes this a phishing message?
This very simple, but effective, targeted phishing scam used a fake job offer to establish rapport with recipients and collect personal information.
There are a few clues that the message is a forgery:
- The criminal is sending from an outlook.com account instead of an @berkeley.edu address
- The email is poorly written and contains grammatical errors
Tips if Something Seems Off:
Double-check the email address before responding
Look to make sure the email address is correct. In Gmail hover your mouse over the sender name for the email to display. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.
Follow up with the sender separately
If you didn’t expect it, reject it. Or follow-up with the individual directly in a separate email or call/text to confirm.
Report and/or flag it
Open the message
To the right of 'Reply' arrow
Select 'More' (typically denoted with three vertical dots)
Then 'Report phishing'
If you are unable to log into bMail, forward the message to firstname.lastname@example.org For more information visit https://security.berkeley.edu/resources/phishing
From: Revin Huck <email@example.com>
Subject: BILL No. GGH1644259106OV
Date: February 7, 2022 at 10:39:39 AM PST
Your Annual membership for NORTON 360 TOTAL PROTECTION has been renewed
and updated successfully.
The amount charged will be reflected within the next 24 to 48 hrs on
your profile of account.
INVOICE NO. @ GGH1644259106OV
ITEM NAME @ NORTON 360 TOTAL PROTECTION
START DATE @ 2022 Feb 07
END DATE @ 1 year from START DATE
GRAND TOTAL @ $240.42 USD
PAYMENT METHOD @ Debit from account
If you wish to not to continue subscription and claim a REFUND then
please feel free to call our Billing Department as soon as possible.
You can Reach us on : +1 – ( 803 ) – ( 598 ) – 4473