Phishing Example: Student Part-Time Job

June 3, 2020

These are targeted and simple forms of phishing emails designed to get victims to interact and establish a rapport. The messages start out as basic greetings or job opportunities and then progress into requests for money or data.

Tips if Something Seems Off:

Double-check the email address before responding

Look to make sure the email address is correct. In Gmail hover your mouse over the sender name for the email to display. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.

Follow up with the sender separately

If you didn’t expect it, reject it. Or follow-up with the individual directly in a separate email or call/text to confirm.

Report and/or flag it

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu For more information visit https://security.berkeley.edu/resources/phishing

Examples of these types of attacks include:

Original Message:

--------- Forwarded message ---------

Subject: STUDENT PART - TIME JOB

To:

  

Dear Student, 

We got your contact through your school database and I'm happy to inform

you that our reputable company Cisco Inc® is currently running a student

empowerment program. This program is to help devoted and hardworking

students secure a part time job which does not deter them from doing any

other, you just need a few hours to do this weekly and with an attractive

weekly wages.

 

KINDLY EMAIL BACK WITH YOUR ALTERNATE EMAIL ADDRESS IF INTERESTED IN THIS

JOB POSITION.

 

Best Regards,

Jin Xiang

Hiring Manager/Consultant

Cisco Inc®.


Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu