The Phish Tank

What is Phishing

Phishing is when cyber criminals trick you into giving them your personal information, like passwords or credit card details, by pretending to be a legitimate company or person. They often do this through fake emails, messages, or websites. Scam emails may even come from a Berkeley email address that’s been compromised, so be alert. Got an email that seems suspicious and not listed here? Report it.

Check the "Phish Tank"

Below are examples of recent phishing attacks received on campus, along with information to help you learn how to spot a phish. 

Date Title Audience Targeted
May 15, 2025 Multiple Phishing Attacks to Redirect Payroll in UCPath Faculty, Staff, Students
April 17, 2025 Fake Debt Collection Google Doc Share Faculty, Staff, Students
April 9, 2025 Fake Electronic Payment ACH Message Faculty, Staff, Students
January 22, 2025 Bcourses Audit Attempts Faculty
January 21, 2025 Phony Staff Assessment Doc Link Faculty, Staff
December 4, 2024 Fake UC Berkeley Financial Support Program Staff
December 2, 2024 Fake Email Account Suspension email Faculty, Staff, Students
December 2, 2024 Phony Remote Virtual Assistant Job Students
November 12, 2024 Fake: One of Your Students has COVID Phish Faculty

Visit our Phish Tank Archive for more examples.

We encourage everyone to protect themselves against phishing attacks.

We created the "Fight the Phish" campaign to educate you on ways to avoid and recognize phishing. These materials are free to use and share within the UC Berkeley community, so feel free to promote them around your department, classroom, or home office.

Protect your credentials

Scammers may try to push you to act immediately. Stay calm, read carefully, and don't let fear distract you. It's okay not to respond!

Check attachments & links

Float your cursor over links to see if they contain anything suspicious. If possible, verify before clicking links or opening attachments, as they may contain malware.

How to Report Phishing

Open the message, click 'more' (three vertical dots) next to 'Reply', select 'Report Phishing'. If you can't log into bMail, forward the message to phishing@berkeley.edu.

Review unexpected requests

If an email isn't expected, contact the sender directly through a separate contact channel. Phishing emails often create fear of urgency. Slow down before acting.

Check the sender

Since emails can be faked, always hover over an address before replying. Avoid clicking links or replying automatically, even if the email seems familiar.

Limit public information

Cybercriminals use publicly available information about you to create convincing scams, the less you share online, the less risk you face.