Phishing Example: UCOP Spear Phish Attack

February 22, 2016

Why is this a Phishing message?

This is a targeted phishing message, or "spear phishing" message. It was sent to staff members at the Berkeley and UCLA campuses and appeared to come from the UC Office of the President. The message was "spoofed" to appear to come from Janet Napolitano and asked staff members to send a copy of their W2 form by email.

No campus official would ever request staff members to share their W2 forms through an unsecured medium, such as email.
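The two indicators described above can be checked mechanically at a mail gateway or in a triage script. The following is an added example, not part of the original notice; it assumes the spoofing took the form of an official's display name on an outside address, and the domains, the name list and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the organisation's mail domains and the
# display names of officials likely to be impersonated.
ORG_DOMAINS = {"example.edu"}
PROTECTED_NAMES = {"janet napolitano"}
W2_PATTERN = re.compile(r"\bw-?2\b", re.IGNORECASE)
SEND_PATTERN = re.compile(r"\b(attachment|attached|via email|send|sent)\b", re.IGNORECASE)

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Janet Napolitano <president@mail.example.net>\n"
    "Subject: 2015 W-2 statement\n"
    "\n"
    "Please have the 2015 W-2 copies sent to me as an attachment this morning.\n"
)
LEGITIMATE = (
    "From: Janet Napolitano <president@example.edu>\n"
    "Subject: Budget meeting\n"
    "\n"
    "The agenda is attached.\n"
)


def w2_phish_indicators(raw_message: str) -> list[str]:
    """Return which of the two indicators a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    # Normalise the display name: lower-case, drop quotes, asterisks, etc.
    display = re.sub(r"[^a-z ]", "", display.lower()).strip()
    domain = address.rpartition("@")[2].lower()

    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"

    hits = []
    if display in PROTECTED_NAMES and domain not in ORG_DOMAINS:
        hits.append("official display name on a non-organisation address")
    if W2_PATTERN.search(text) and SEND_PATTERN.search(text):
        hits.append("asks for W-2 forms to be sent by email")
    return hits


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, w2_phish_indicators(raw))
```

A message that forges the organisation's own domain in the From header passes the first check, so this heuristic complements SPF, DKIM and DMARC enforcement rather than replacing it.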

Original Message:

From: *Janet Napolitano* <>
Date: Mon, Feb 22, 2016 at 8:17 AM
Subject: 2015 W-2 statement

I need all our employee's reference copies of 2015 W-2 wages and tax
statement, i am working on a review and if you can work on the W2's and
have it sent to me as an attachment this morning that will be
splendid. Via email would be appropriate.


Janet Napolitano.

Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

Report suspected phishing emails to Be sure to include the entire text of the message, including the email header.