May 3, 2017
What appears to be a wide-spread Internet worm hit the campus in the form of a phishing email message. The message slipped through normal spam filters as the worm virus spread to email accounts in the "berkeley.edu" domain.
April 13, 2017
This message, appearing to come from the HR department, was successful at convincing several campus recipients to click on the link provided and enter their Calnet credentials. The link was directed to a fake Calnet login page, the account name and password entered on this page would be compromised.
April 1, 2017
This phishing message was received by students across campus, purporting that the student's library account has expired. The Library does not issue emails concerning inactive accounts.
January 30, 2017
A recent spate of phishing messages have been received on campus purporting to be Dropbox notifications. The link in the email message to "View File" is a ruse to capture CalNet passphrase credentials.
January 25, 2017
A targeted phishing message was received on campus appearing as an expiration notice for access to bCourses. The message attempted to trick recipients to login with CalNet credentials to prevent access expiration
January 24, 2017
This was the first tax season related phishing message reported on campus this year. Beware of phishing messages containing fake instructions for downloading your W2 form.
January 3, 2017
This very simple phishing message that appeared to be sent from FedEx was effective in convincing several campus recipients to download the PDF attachment. The file contained a link that required password authentication, allowing the attacker to capture these credentials for future use.
December 14, 2016
On Dec. 14th, campus was the target of a phishing email purporting to be from Chancellor Dirks and containing a PDF file attachment with a link to a site intended to steal credentials. Beware of emails with the subject line "Important Announcement from Chancellor B. Dirks".
October 28, 2016
A pretty convincing phishing message that appears to come from CSS-IT issuing a warning that the user's ID may have been compromised.
October 20, 2016
This phishing message, purportedly from Bank of America, contained multiple threats - two file attachments that likely contain malware and a separate ploy to obtain user credentials.
August 24, 2016
There has been a recent spate of email messages to campus containing the Locky ransomware virus in file attachments. The format of the message content is very similar.
May 23, 2016
Another targeted phishing message, this one has been spoofed to appear to come from the Office of the Registrar.
May 20, 2016
Several people on campus reported this targeted phishing message concerning access to bCourses. The message was signed by a fictitious member of the Security department.
March 22, 2016
This is an example of how phishing messages can be made to look like they are from a legitimate business, such as PayPal. However, the poor grammar and other indicators make this an easy phish to spot.
March 14, 2016
A phishing message purporting to be from the International Rescue Committee regarding IT maintenance has been circulating on campus. The message requests that the recipient upgrade their mailbox size by selecting a link that redirects to a malicious website.
March 13, 2016
An email message purporting to be from Apple Support, requesting that the recipient verify their account information, has been seen in several variations on campus.
March 4, 2016
This phish is an example of how poorly most culprits have taken steps to disguise the message - it is often the case that phishing messages are originally drafted for another school or school district.
February 22, 2016
This phish example attempts to trick the recipient into clicking on a link to a malicious website by purporting to be a link to download a Google doc.
February 22, 2016
A targeted phishing message was received at both Berkeley and UCLA campuses that was purportedly from the UC Office of the President requesting employee's W2 form.
February 21, 2016
Another example of a common ploy to trick the recipient into clicking a link to a malicious website by claiming access to ITunes has been disabled.
February 9, 2016
An example of a common phishing ploy - a notice that your email password will expire, with a link to change the password that leads to a malicious website.
February 2, 2016
Another example of a phish that attempts to trick the user to click on a link to a malicious website by claiming their password will expire otherwise. This one purports to come from the IT-Service Help Desk.
January 18, 2016
Campus was the target of a phishing email purporting to be from the U.S. Dept of Labor and asking for users to update their employment records. Beware of emails with the subject line "Record Update".
January 15, 2016
The 2016 tax filing season is upon us, beware of messages requesting personal information to be updated online to make your "refund easier".
January 15, 2016
Phishing message purporting to be from DHL and requesting package delivery confirmation contains links to malware infected website.
January 6, 2016
Several people on campus fell for this phish, which directed the recipient to a fake CalNet login page where credentials were stolen. Beware of tax related phishing exploits, like this one, during this time of year.
January 2, 2016
This spear phishing attack was targeted to campus academic staff. The recipient was asked to share access to research articles, but the embedded link was routed to a fake CalNet login page.
January 1, 2016
This is a forgery example of a commonly used service provider, PayPal. The intent is to fool the recipient into clicking the link directed to a malware infected webpage.
December 10, 2015
This phishing message was forged to appear to come from the UCB Human Resources office. Beware of "URGENT" message from HR concerning "Your New Salary Notification".