Phishing Example: RE: staff opinion

November 30, 2020

These are targeted and simple forms of phishing emails designed to get victims to click on a fake Google Forms link that contains malicious content.

Tips if Something Seems Off:

Double-check the email address before responding

Look to make sure the email address is correct. In Gmail hover your mouse over the sender name for the email to display. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.

Follow up with the sender separately

If you didn’t expect it, reject it. Or follow-up with the individual directly in a separate email or call/text to confirm.

Report and/or flag it

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu For more information visit https://security.berkeley.edu/resources/phishing

Examples of these types of attacks include:

Original Message:

RE: staff opinion

From: Gabriella Finley <report@x.myindiancolors.com>
To: user@uhs.berkeley.edu
Subject: RE: staff opinion
Date: Mon, 2 Nov 2020 19:43:22 +0000

Good day,
Please, answer the questions Employee Survey – it won`t take long. Waiting for you to go through this survey ASAP.

You can find the survey here: hxxps://docs.google.com/document/d/e/2PACX-1vSjKdTddXL-psR2rYotGSJuwOeBHUKkulbrhy78PHX6VtdJWFurH9mEmeV8PLVm1t4P5W0msKzpCg3N/pub

HR Department Analyst
Uc Regents;

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu