Phishing Example: Security Notice - Fix Security Info Now

September 4, 2020

Below is a sophisticated, targeted form of phishing emails designed to look like legitimate UC Berkeley IT Client Services emails with the intention of scaring the victim to get them to provide personal information. Legitimate UC Berkeley IT departments will NEVER ask for your passphrase over email. Do not interact with these emails, instead report it.

Report and/or flag it

To flag it in bMail open the message and next to Reply click the three dots and select "Report phishing". 

Things to look for in this attack:

  • Notice the email is sent from an email marketing platform (e.g., MailChimp -look at the footer). Security emails are never sent from a third party "marketing" tool.
  • Bad grammar used through out the messages and it is sprinkled with "technical words" that don't actually make sense.
  • If you hover over the Validate button the url goes not to a site, but a nefarious link hosted to hide it's intentions. For more information about these attacks read: Phishing Campaigns Using Google Firebase Storage.
  • The Information Security Office will never ask you to confirm or validate your information via a "button/link".
  • Notice the helpful language used to lure you into trusting the authenticity of the sender and to respond.
  • Lastly - The Information Security Office is NOT located in "Chesterbrook".

Original Message:

Fake phishing email

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to