Anti-Phish Tip #4

Check for Trash Before the Slash

Check for Trash Before the Slash

Verify "https://auth.berkeley.edu/" Before Entering CalNet Credentials

THE TRAP: You are asked to enter your CalNet passphrase on what looks like the standard blue CalNet Authentication page.

YOUR DEFENSE: Always check the actual URL to make sure it starts with "https://auth.berkeley.edu/". Trusted UCB authentication pages will never have anything phishy BEFORE the first single slash. Fraudulent login screens designed to steal your credentials may LOOK authentic if you're not paying attention to the URL.

Good Example:  https://auth.berkeley.edu/cas/login?service

Bad Example:  https://auth.berrkeley.webs.com/cas/login?service

Also check for the Extended Validation Certificate in the address bar.  Look for a long green bar with a padlock followed by our institution’s name:  University of California, Berkeley (Regents of the Univ. of CA)[US]

Remember: Only You can Protect your CalNet Passphrase!
Not sure if it's a phish? Drop us a line. Send email to consult@berkeley.edu or call 510 664-9000.