What makes this a phishing message?
This one is a classic example of how CalNet credentials are often compromised:
- The link in the message redirects the user to a counterfeit CalNet login page
- The recipient enters their CalNet ID and passphrase
- Their credentials are then in the hands of the bad guys
Several people fell for this phish, and soon after experienced tampering with their direct deposit payroll accounts. If you fall for an exploit like this one, change your CalNet passphrase immediately.
Some things to notice about this message that indicate it's a fake, aside from the poor grammar and run-on sentences:
- The message is not signed by a real person to indicate who it is from
- If you hover your cursor over the "Click Here" link, the URL is an obvious giveaway: it is not the address of the CalNet login page
The correct CalNet login page address is always https://auth.berkeley.edu.
From: ESSW2@berkeley.edu <firstname.lastname@example.org>
Subject: IMPORTANT TAX RETURN DOCUMENT AVAILABLE
Dear: Account Owner,
Our records indicate that you are enrolled in the University of California paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. "paperless W2") is prepared and ready for viewing.
Your W2 is ready for viewing under Employee Self Service. Logon at the following link:
Click Here to Logon
If you have trouble logging in to Employee Self Service at the link above, please contact your Payroll Department for support.
If you would like to un-enroll in the Paperless W2 Program, please logon to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions.