Phishing Example: Security Notice - Fix Security Info Now

September 4, 2020

Below is a sophisticated, targeted phishing email designed to look like a legitimate UC Berkeley IT Client Services email, with the intention of scaring the victim into providing personal information. Legitimate UC Berkeley IT departments will NEVER ask for your passphrase over email. Do not interact with these emails; report them instead.

Report and/or flag it

To flag it in bMail, open the message, click the three dots next to Reply, and select "Report phishing".

Things to look for in this attack:

  • Notice the email is sent from an email marketing platform (e.g., MailChimp; look at the footer). Security emails are never sent from a third-party "marketing" tool.
  • Bad grammar is used throughout the message, and it is sprinkled with "technical words" that don't actually make sense.
  • If you hover over the Validate button, the URL goes not to a Berkeley.edu site but to a nefarious link hosted to hide its intentions. For more information about these attacks read: Phishing Campaigns Using Google Firebase Storage.
  • The Information Security Office will never ask you to confirm or validate your information via a "button/link".
  • Notice the helpful language used to lure you into trusting the authenticity of the sender and to respond.
  • Lastly, the Information Security Office is NOT located in "Chesterbrook".
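The sender and link checks from the list above can be automated for mail triage. The following is an added example, not code from UC Berkeley or the original page: it parses a constructed sample message, flags a marketing-platform sender, and flags every link whose real host is not under berkeley.edu. The sample message, the `MARKETING_HINTS` list, and the function names are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "berkeley.edu"          # the only domain the page treats as legitimate
MARKETING_HINTS = ("mailchimp",)  # assumption: simple substring indicators

# Constructed sample for illustration; not the real phishing message.
SAMPLE = """\
From: "IT Client Services" <notice@example.com>
Subject: Security Notice - Fix Security Info Now
X-Mailer: MailChimp Mailer
Content-Type: text/html; charset="utf-8"

<p>Please validate your security info now.</p>
<a href="https://firebasestorage.googleapis.com/v0/b/constructed-bucket/o/index.html">Validate</a>
<a href="https://berkeley.edu.example.net/login">Help desk</a>
<a href="https://security.berkeley.edu/">Information Security Office</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real href of every <a>, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def is_trusted(url):
    # Exact host or subdomain only; a substring test would accept berkeley.edu.example.net.
    host = (urlsplit(url).hostname or "").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    haystack = (" ".join(f"{k}: {v}" for k, v in msg.items()) + html).lower()
    findings = []
    if any(hint in haystack for hint in MARKETING_HINTS):
        findings.append("sent via marketing platform")
    collector = LinkCollector()
    collector.feed(html)
    findings += ["untrusted link: " + (urlsplit(u).hostname or u)
                 for u in collector.links if not is_trusted(u)]
    return findings
```

Calling `triage(SAMPLE)` returns three findings: the marketing-platform sender and the two links whose hosts are outside berkeley.edu, including the lookalike host that only starts with the trusted name.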

Original Message:

Fake phishing email

Warning: The links and email addresses included in these messages are from real-life examples; do not attempt to explore them.

The most dangerous links have been removed; you can hover your cursor over these links to see the original address in a pop-up tooltip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • Look to the right of the 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu