PHISHING EXAMPLE: UPDATE REQUIRED ON @berkeley.edu

May 26, 2021

These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.

Tips if Something Seems Off:

Double-check the email address before responding

Look to make sure the email address is correct. In Gmail hover your mouse over the sender name for the email to display. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.

Follow up with the sender separately

If you didn’t expect it, reject it. Or follow-up with the individual directly in a separate email or call/text to confirm.

Report and/or flag it

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu For more information visit https://security.berkeley.edu/resources/phishing

Examples of these types of attacks include:

Original Message:

From: security@berkeley.edu <security@berkeley.edu> 
Date: Mon, May 24, 2021 at 12:52 PM
Subject: UPDATE REQUIRED ON mbrasil@berkeley.edu
To: <recipient@berkeley.edu>

Outgoing Mail Error

Due to server error, 6 new mails you sent from recipient@berkeley.edu are stucked in berkeley.edu
Release below to re-send all stuck emails to the destination boxes.
Release Emails
<hxxps://firebasestorage.googleapis.com/v0/b/bet2604ver.appspot.com/o/bet2604ver%2Findex2bat904rff27dcf22a2ea9163406004.html?alt=media&token=e70fe211-f84a-4ae7-a4d0-c9376ee4cf57#mbrasil@berkeley.edu>
This is a mandatory berkeley.edu webmail service sent to recipient@berkeley.edu

From: "security@berkeley.edu"
Date: Mon, May 24, 2021 at 8:16 PM
Subject: UPDATE REQUIRED ON user@berkeley.edu
To: <user@berkeley.edu>


Outgoing Mail Error


Due to server error, 6 new mails you sent from user@berkeley.edu are
stucked in berkeley.edu

Release below to re-send all stuck emails to the destination boxes.

Release Emails
<hxxps://firebasestorage.googleapis.com/v0/b/bet2604ver.appspot.com/o/bet2604ver%2Findex2baxxxxxxx>

This is a mandatory berkeley.edu webmail service sent to
user@berkeley.edu

Warning:  The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

How to report phishing:

  • Open the message

  • To the right of 'Reply' arrow

  • Select 'More' (typically denoted with three vertical dots)

  • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu