Phishing Example: Part time work assistant needed

October 30, 2019

What makes this a phishing message?

This very simple, but effective, targeted phishing scam used the name of an actual Berkeley professor to send out a call for part time assistant work. The cyber criminal responsible for this attack even used the professor's real office information in the signature. 

There are a few clues that the message is a forgery:

  • The criminal is sending from a gmail.com account instead of an @berkeley.edu address
  • The grammar and sentence structure is poor

Remember: 

  • If you receive a email containing a message that you did not expect, especially with words like "Urgent" or "Response Needed" do not engage. 
  • If the email is unsolicited and offering money, do not engage
  • If you are ever unsure if an email is legitimate, please reach out to security@berkeley.edu

If you have received this message and shared correspondence with the scammer, we recommend that you cease correspondence immediately and contact UCPD if there has been any financial transactions.

Original Message:

From: David Card <dvdmson @ gmail . com>
To: RECIPIENT
Date: Sat, Oct 19, 2019 at 2:22 PM 
Subject: ******Part time home work assistant needed******


Hello RECIPIENT

I am urgently seeking for a Clerical/Administrative Assistant to 
work for me on campus at their own free time while I am away on my work and 
earn basic wage $250 weekly.This is a flexible job that requires little to 
no prior experience .Let me know you are interested and I will fill you in.
Sincerely  
*Professor David Card*
*Department of Economics*
*530 Evans Hall #3880*
*University of California Berkeley*
*Berkeley, CA*

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu