Phishing Examples Archive

PHISHING EXAMPLE: Fraudulent 'Broken Lab Equipment' Scam

January 30, 2024

What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley faculty member or campus lab manager.

Students: Beware of employment scams via email

December 7, 2023

Every year, students at UC Berkeley are scammed out of thousands of dollars via fake employment offers. Beware of unsolicited emails, phone calls, texts or even faceboo

Fake DUO Authentication Request

October 9, 2023

What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear to cause the recipients to act, scanning the QR code which leads to a malicious link.

PHISHING EXAMPLE: Phone Fraud, Chinese Consulate

February 8, 2023
If you are unable to log into bMail, forward the message to phishing@berkeley.edu. For more information visit https://security.berkeley.edu/resources/phishing

PHISHING EXAMPLE: CAUTION : eMail Account Block

May 6, 2022
Attention recipient , We have received your request to terminate your email account below, and the request will be concluded within 12hours from now.

PHISHING EXAMPLE: Email Account Removal

May 6, 2022
Dear recipient We have received your cancellation request and you are no longer subscribed to security.berkeley.edu If you did not request cancellation, kindly click below to reactivate your account.

PHISHING EXAMPLE: Norton

February 15, 2022
Welcome Subscriber; Your Annual membership for NORTON 360 TOTAL PROTECTION has been renewed and updated successfully. The amount charged will be reflected within the next 24 to 48 hrs on your profile of account. Product Information: INVOICE NO. @ GGH1644259106OV ITEM NAME @ NORTON 360 TOTAL PROTECTION START DATE @ 2022 Feb 07 END DATE @ 1 year from START DATE GRAND TOTAL @ $240.42 USD PAYMENT METHOD @ Debit from account If you wish to not to continue subscription and claim a REFUND then please feel free to call our Billing Department as soon as possible. You can Reach us on : +1 – ( 803 ) – ( 598 ) – 4473 Regards, Billing Department SP

Fake Cal Store on Instagram

January 19, 2022
Beware of fake Cal Stores on Instagram or other social media platforms.

PHISHING EXAMPLE: English Dept. (Prof. Duncan) Job Offers

January 19, 2022
Using several different emails to send from and various subject lines, this attacker used the name of an actual Berkeley professor to send out a call for remote assistant work.

Severe Software Vulnerability in Apache's Java Logging Library

December 14, 2021

The UC Berkeley Information Security Office is responding to a newly revealed severe software vulnerability in 

Financial Phishing Attacks

October 11, 2021

Watch out for financial "spear phishing" emails.

Recognizing & Avoiding Job Scams

September 22, 2021

Are you on the lookout for flexible, part-time employment to help cover school expenses? If so, watch out for scams.

PHISHING EXAMPLE: WORK FROM HOME / BERKELEY PAID JOB OFFER

September 10, 2021
Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company Cisco Systems Inc® is currently running a student empowerment program. This program is to help devoted and hardworking students secure a part time job which does not deter them from doing any other, you just need a few hours to do this weekly and with an attractive weekly wages. KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.

PHISHING EXAMPLE: WORK AFTER CLASSES OFFER ($500 WEEKLY SALARY)

September 10, 2021
Hello, Are you currently in the US? Here is an opportunity for you to work part time after classes and earn $500 weekly. The job is completely done online and can be completed anytime in the evening/night at home and won't take much of your time daily, you don't have to be online all day and don't need any professional skill to do the job, all you need is just come online before going to bed to forward all order of the day made by agents to the supplier and you are done for the day.

PHISHING EXAMPLE: student email directly

September 10, 2021
Hi Student, I am Dr Ralph Abraham, I feel comfortable discussing this WORK- STUDY opening with you since you were referred by the university chamber of commerce. I am very busy, that is why I have asked for your help as my temporary personal assistant. I provide individual and group therapy, coaching, assessment and many University students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment process.

PHISHING EXAMPLE: Attention: website.berkeley.edu DMCA Copyright Infringement Notice

August 18, 2021
Hello! My name is Shafaq. Your website or a website that your company hosts is infringing on a copyright-protected images owned by myself. Take a look at this document with the links to my images you used at website.berkeley.edu and my earlier publications to get the evidence of my copyrights. Download it right now and check this out for yourself: hxxps://sites.google.com/view/a0hf49gj29g-i4jb48n5/drive/folders/shared/1/download?ID=308682351554855915 I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.

PHISHING EXAMPLE: Research Assistant

July 12, 2021
Berkeley University of California is seeking an Research Assistant / services of a competent Undergraduate Student Administrative Assistant to work Part-time and get paid $350 weekly. Tasks will be carried out remotely. If interested, Do text your name to (808) 378-1179 so as to proceed Bernhard Boser Professor, (808) 378-1179. 490A Cory Hall

PHISHING EXAMPLE: UPDATE REQUIRED ON @berkeley.edu

May 26, 2021
Outgoing Mail Error Due to server error, 6 new mails you sent from recipient@berkeley.edu are stucked in berkeley.edu Release below to re-send all stuck emails to the destination boxes. Release Emails This is a mandatory berkeley.edu webmail service sent to recipient@berkeley.edu

PHISHING EXAMPLE: Lab Report

May 19, 2021
This is to inform you that your laboratory result is ready. You can access your results via the following link: https://results.pmhlaboratoXXXXXXXXX.html(link is external) You must provide your NAME and DATE OF BIRTH in addition to the following code in order to see the report: POP UP BLOCKERS MUST BE DISABLED TO DOWNLOAD PDF REPORTS Patient Initials: A.B. Access code: 8625150102

PHISHING EXAMPLE: Account Suspension Request

May 19, 2021
Access to recipient@berkeley.edu will be suspended as per request received by admin at 5/12/2021 11:21:48 p.m. UTC. If you would like to cancel this request you may proceed below. *Cancel Now * Best Regards,

PHISHING EXAMPLE: DC Dox

May 19, 2021
matbrown19732@gmail.com has shared the following document: DC.docx [image: Unknown profile photo]Jim Knowlton shared a file with you Open matbrown19732@gmail.com is outside your organization. Google Drive: Have all your files within reach from any device. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [image: Logo for Google Drive]

PHISHING EXAMPLE: You recently made a request to deactivate email.

May 18, 2021
Dear Customer, You recently made a request to deactivate email. This request will be processed shortly. If you did not make this request, cancel the request now. Cancel Deactivation If you do not cancel this request, your account will be deactivated and all your email data will be lost. Sincerely, Your berkeley.edu Internet Team

UC Email Security Incident Notice

April 5, 2021

Updated May 11, 2021:

UCOP Notice to UC Community: https://ucnet.universityofcalifornia.edu/data-security/index.html

PHISHING EXAMPLE: UPDATE EMAIL: Don't lose access to your account!!

February 19, 2021
Security Notice! Dear XXXX, Our security system has detected some irregular activity connected to your account. you will be unable to send and recieve emails until this issue has been resolved CLICK HERE TO VALIDATE NOW To prevent further irregular activity we will restrict access to your account within 72 hours if you did not validate your account. *Note:* Mail Administrator will always keep you posted of security updates. Mail Admin

Phishing Example: ELIGIBILITY AND ASSESSMENT

November 30, 2020
Google Forms Jim Knowlton has shared a file with you using one drive. ELIGIBILITY AND ASSESSMENT Designed for Microsoft and office 365 users only FILL OUT FORM hxxps://docs.google.com/forms/d/e/1FAIpQLSd2hyLMl01_lJ9NG2Aj4QxXJrQ1ChJ42W0Ubx-FHIu8iT4QSA/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link Create your own Google Form

Phishing Example: 2020 FACULTY EVALUATION

November 30, 2020
Google Forms Jim Knowlton invited you to fill out a form: 2020 FACULTY EVALUATION Designed for Microsoft and Office 365 users only FILL OUT FORM hxxps://docs.google.com/forms/d/e/1FAIpQLSfUCvno3DdViZI24_kfsFi7EPalW7aAMJIAZvsGCzvvrQX_Ew/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link Create your own Google Form

Phishing Example: RE: staff opinion

November 30, 2020
Good day, Please, answer the questions Employee Survey – it won`t take long. Waiting for you to go through this survey ASAP. You can find the survey here: hxxps://docs.google.com/document/d/e/2PACX-1vSjKdTddXL-psR2rYotGSJuwOeBHUKkulbrhy78PHX6VtdJWFurH9mEmeV8PLVm1t4P5W0msKzpCg3N/pub HR Department Analyst Uc Regents;

Phishing Example: RE: at the office

November 30, 2020
, I will come to Uc Regents; soon and send your request about 2 weeks of vacation and payments to you. Very sorry. Open this recourse to preview the document (if the link doesn't work, copy it and paste to browser): hxxps://docs.google.com/document/d/e/2PACX-1vQeBPGXB5xGJ9m7RA7RGTEFgpWSAbr-nlOeOYerk4PG0IM_-6b148qM8RUERKw1GhKG5Z5rQpiUaSEF/pub Outsourcing director notice

Phishing Example: BERKELEY UNIVERSITY WORK FROM SCHOOL OR HOME PART TIME FALL 2020

October 5, 2020
Dear student! I'm Professor Douglas Ignacio. Senior Policy Advisor at the Student Unemployment Assistance Program (SUAP).SUAP is committed to provide significant benefits for students who are currently unemployed or who lost their jobs due to COVID-19 Pandemic to have equal right and opportunity, to be economically self-sufficient, and to earn and save without jeopardizing access to the services and supports that allow them to live and work independently. You have received this email because you have an offer from the University Education Department Office for unemployed students to work with me as my temporary Online Virtual Assistance. typical Duties: You will only help me mail letters if need be, make online bill payments and sometimes at the retail stores, purchase some items when necessary. You

Phishing Example: Security Notice - Fix Security Info Now

September 4, 2020
Dear berkeley.edu member, As a precautionary measure we have restricted access to your account until your validate has been changed . To prevent further irregular activity, you will be unable to send out any emails unties issue has been resolved To fix security info, click below to validate.

Phishing Example: (ITCS Notification:) Account Irregular Activity Detected [INC1147653]

September 3, 2020
UC Berkeley | IT Client Services Hello, This is an automated official communication from Berkeley IT Client Services Ticket system in reference to the incident number below. Ticket INC1147653 has been created from the recent activities in your CalNet - ID credentials. ITCS system have detected an irregular activity related to your UC Berkeley CalNet ID credentials. As a precautionary measure, we will temporary block your account and should be moving it to our backup server but we need your help to do this effectively otherwise you may lose your login information and data at the end of the Duo Account Migration & Quarantine clean-up process.

Phishing Example: Tutoring

August 7, 2020
Hello, How are you doing today? This is Barnes Beckwith. I saw your contact at the University of California, Berkeley, Department of East Asian Languages and Literatures under the Directory's portal. I seek a private beginner's language tutor for my Daughter. I would like to know if you have a STUDENT/TUTOR available for the job. As you will be unable to teach her owing to your BUSY SCHEDULE/STATUS, you can RECOMMEND one of your STUDENT(s) who is capable of teaching. Due to the Covid-19 Pandemic, the teaching could be done remotely. This depends on the tutor's directive. Looking forward to hearing from you.

Scammers Exploit California’s COVID-19 Contact Tracing Program

July 15, 2020
In ongoing efforts to mitigate the spread of COVID-19, Gov. Newsom launched "California Connected, " the state's contract tracing program and public awareness campaign. Malicious actors are leveraging the program to use phishing scams to exploit the public.

Phishing Example: Evaluation of UCRP Benefits for University of California, Berkeley

July 5, 2020
Employee Crook, Each year, as an employee of University of California, Berkeley you are eligible to schedule a phone call, teleconference, or in-person meeting off campus with a representative for answers to your specific state, federal and individual retirement benefit questions. At your consultation you will be provided with information on what your expected income will be from UCRP when you retire, and how much longer you will have to work. You will also receive advice on the best ways to utilize your 401(a) options with your UCRP and/or Social Security benefits. *Please be sure to indicate which type of appointment you prefer (off-campus, phone call, or teleconference) in the notes section while scheduling. Please also include your direct cell phone number.*

Phishing Example: URGENT REQUEST (Email Impersonation)

June 30, 2020
Are you available ? No calls text only 9513072XXX BEST REGARDS Carol T Christ Chancellor Berkeley University of California

Berkeley COVID-19 Information

June 22, 2020
Dear students, Berkeley University Of California health professionals have been closely monitoring the spread of COVID-19 over the past two months.Therefore the university is organizing an online part time job to sustain the students living.I'm happy to inform you that our reputable company CORESTAFF SERVICES Inc®,is currently running a student empowerment program. KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION. Kind Regards Donna Lisa HR Manager/Consultant CORESTAFF SERVICES Inc®

Phishing Example: Congratulations! You're Hired

June 5, 2020
ID:#Q94HL9632******** Congratulations your new job, I had to verify all the information you provided. I hope to have your 100% loyalty and co-operation. Your quick response to e-mails and effectiveness will be required and you will be receiving your first assignment very soon. You will be emailed with detailed instructions. After checking my programs, unfortunately, you don’t have much done for me this week. So, you'll be starting your first Assignment In few days, I am unable to meet up for an interview because I am currently away and helping the disabled students in Abroad as stated in my previous email but scheduled to be back last week of July

Phishing Example: Student Part-Time Job

June 3, 2020
Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company Cisco Inc® is currently running a student empowerment program. This program is to help devoted and hardworking students secure a part time job which does not deter them from doing any other, you just need a few hours to do this weekly and with an attractive weekly wages. KINDLY EMAIL BACK WITH YOUR ALTERNATE EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.

Scammers are Exploiting Coronavirus Fears to Phish Users

March 9, 2020
Attackers have been sending emails that feed on concerns about COVID-19 to spread malware, trick them into sharing account credentials, or opening malicious attachments.

Phishing Example: Urgent Request

January 9, 2020
Are you available ? No calls text only 9513072XXX BEST REGARDS Carol T Christ Chancellor Berkeley University of California

Phishing Example: Part time work assistant needed

October 30, 2019
Hello RECIPIENT I am urgently seeking for a Clerical/Administrative Assistant to work for me on campus at their own free time while I am away on my work and earn basic wage $250 weekly.This is a flexible job that requires little to no prior experience .Let me know you are interested and I will fill you in. Sincerely *Professor David Card* *Department of Economics* *530 Evans Hall #3880* *University of California Berkeley* *Berkeley, CA*

Phishing Example: Robocalls

July 21, 2019
This call is from the Department of Social Security Administration. The reason you have received this phone call from our department is to inform you that we just suspend your Social Security number because we found some suspicious activity, so if you want to know more about it just press 1, thank you.

Phishing Example: Business Email Compromise

December 27, 2018
Are you around? I need to pay a vendor with the blucard. University of California, Berkeley

Phishing Example: Google Doc Phishing Message

May 3, 2017
XXX has invited you to view the following document: Open in Docs

Phishing Example: Message from human resources

April 13, 2017
This message, appearing to come from the HR department, was successful at convincing several campus recipients to click on the link provided and enter their Calnet credentials. The link was directed to a fake Calnet login page, the account name and password entered on this page would be compromised.

Phishing Example: Library Account

April 1, 2017
Dear Student, Your access to your library account is expiring soon due to inactivity. To continue to have access to the library services, you must reactivate your account. For this purpose, click the web address below or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to your library profile. https://auth.berkeley.edu/cas/login?service=https%3a%2f% If you are not able to login, please contact at xxxxx@berkeley.edu for immediate assistance.

Phishing Example: Your Dropbox File

January 30, 2017
Hello, You just received a file through Dropbox Share Application. Please click below and log in to view file. View file Every time a friend installs Dropbox, we'll give both of you 1 GB of space for free! Need even more space? Upgrade your Dropbox and get 1 TB (1,000 GB) of space. Happy Dropboxing. - The Dropbox Team

Phishing Example: bCourses Expiration Notice

January 25, 2017
A targeted phishing message was received on campus appearing as an expiration notice for access to bCourses. The message attempted to trick recipients to login with CalNet credentials to prevent access expiration

Phishing Example: First 2017 Tax Season Phish

January 24, 2017
The Human Resources/Payroll Department has completed the final paystub changes for 2017 tax year. To view the changes to your paystub information and view/download your W-2 forms (2014 - 2016 tax years), go to: Adp Portal We hope you find the changes to your paystub information useful and welcome any comments you may have. Yours Sincerely, Danielle Carrel.

Phishing Example: FedEx Shipment Update

January 3, 2017
Dear Customer, We could not deliver your item. You can review and print complete details of shipping duty on your order. Thanks

Phishing Example: Important Announcement from Chancellor Dirks

December 14, 2016
Good Morning Berkeley Family, Please read attached for an important announcement from Chancellor Nicholas B. Dirks Thanks, Nicholas B. Dirks Chancellor 1 attachment: shared Document.pdf

Phishing Example: Email Account Upgrade

October 28, 2016
Dear User, Someone else was trying to use your Berkeley ID to sign into iCloud via a web browser. Date and Time: 28 October 2016, 1:38 PM Browser: Firefox Operating System: Windows Location:Thailand If the information above looks familiar, you can disregard this email. If you have not recently and believe someone may be trying to access your account, you should Click Here . Sincerely, Technical Support Team

Phishing Example: Irregular Activity

October 20, 2016
We have detected irregular activity on your account on the date 10/20/2016. For your protection, we have temporary limited your account. In order to regain full access to your account, you must verify this activity before you can continue using your account. We have sent you an attachment , open it and follow the steps to verify your account. Once completed, please allow up to 48h to update. Copyright © 2016 BankOfAmerica, All rights reserve IrregularActivityFile.html

Phishing Example: Messages containing Locky malware

August 24, 2016
Hello, Please sign the attached contract with our technical service company for 2016 � 2017. We would appreciate your quick response. King regards, Cynthia Curtis (Digital-Signature: f0a0e01386d19b03736165288026cc97e325560c78700e95)

Phishing Example: Vital Info

May 23, 2016
Hello, Please refer to the vital info I've shared with you using Google Drive. Click https://www.google.com/drive/docs/file0116 and sign in to view details.. Regard --

Phishing Example: bCourses Phish Attack

May 20, 2016
Dear User, This message is to inform you that your access to bCourses will soon expire. You will have to log in to your account to continue to have access to this service. You need to reactivate it just by logging in through the following URL. A a successful login will activate your account, and you will be redirected to your bCourses page. http://bcourses.berkeley.cnea.gq/login_0DZbL4B22o0ki22F0IZotK2LqgZijDXvf... If you are not able to login, please contact Mary Patel at mpatel@berkeley.edu for immediate assistance. Sincerely, Mary Patel Berkeley Security University of California, Berkeley 510-643-6927 mpatel@berkeley.edu

Phishing Example: PayPal - We need your help

March 22, 2016
We need your help. You account has been suspended, as an error as detected in your informations. The reason for the error is not certain, but for security reasons, we have suspended your account temporarily.

Phishing Example: RE: Notice from @rescue.org

March 14, 2016
A phishing message purporting to be from the International Rescue Committee regarding IT maintenance has been circulating on campus. The message requests that the recipient upgrade their mailbox size by selecting a link that redirects to a malicious website.

Phishing Example: Last Reminder You Must Update Your Apple Account Information!

March 13, 2016
Hello, We've noticed that some of your account information appears to be missing or incorrect, we need to verify your account information in order to continue using your Apple ID. Please Verify your account information by clicking on the link below. Sign in using your Apple ID to start the process, Verify Now >. Wondering why you got this email? When you don't regularly update your Apple ID information, Apple will require you to sign in by following the link in a verification email and update your information. This is to help protect your identity and keep your account secure. Apple Support

Phishing Example: Help Desk Notice

March 4, 2016
We detected unknown IP access on our date base computer system our security requires you to verify your account for secure security kindly Click Here and verify your account. ​ Help Desk​

Phishing Example: Google Docs Download

February 22, 2016
You have a pending incoming download docs shared with you via Google docs

Phishing Example: UCOP Spear Phish Attack

February 22, 2016
I need all our employee's reference copies of 2015 W-2 wages and tax statement, i am working on a review and if you can work on the W2's and have it sent to me as an attachment this morning that will be splendid. Via email would be appropriate. Regards. Janet Napolitano.

Phishing Example: ITunes Access Disabled

February 21, 2016
Another example of a common ploy to trick the recipient into clicking a link to a malicious website by claiming access to ITunes has been disabled.

Phishing Example: "Dear Email User" Expired Password Ploy

February 9, 2016
Your password will expire in 2 days, Click Here to re-change your password immediately. Thank you, IT- Help Desk SEED IS PROUD TO BE A 21st CENTURY COMMUNITY LEARNING CENTER. LEGAL DISCLAIMER - The information contained in this communication (including any attachments) may be confidential and legally privileged. This email may not serve as a contractual agreement unless explicit written agreement for this purpose has been made. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication or any of its contents is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender indicating that it was received in error and delete the original message and any copy of it from your computer system.

Phishing Example: IT-Service Help Desk "Password Update"

February 2, 2016
Password will expire in 2 days Click Here To Validate E-mail Thank you, IT-Service Help Desk

Phishing Example: U.S. Dept. of Labor "Record Update"

January 18, 2016
This is an urgent request to update your employment record at the U.S Department of Labor.

Phishing Example: IRS Service "Important Update"

January 15, 2016
As we prepare to start the 2016 Tax filling season, we have undergone slight changes in the filling process to make filling for your refund easier and to prevent unnecessary delays. Part of the changes include updating our database with your information. Please ensure to carefully complete this verification to avoid hitches in processing your refund. We have sent you an attachment, open it and follow the steps to verify your profile.

Phishing Example: DHL Express Document

January 15, 2016
Dear xxx@berkeley.edu Your parcel (shipping document) arrived at the post office. Here is your Shipping Document/Invoice and copy of DHL receipt for your tracking which includes the bill of lading and DHL tracking number, the new Import/Export policy supplied by DHL Express. Please kindly check the attached to confirm accordingly if your address is correct, before we submit to our outlet office for dispatch to your destination. Label Number: E727D5151D Class: Package Services Service(s): Delivery Confirmation Status: eNotification sent Find attached the full statement information and a full list of outstanding Invoices. Your item will arrive in two (2) days time, and within the agreed credit term as stated on your Invoice. We would like to thank you for using the services of DHL Express. Read the enclosed file for details.

Phishing Example: "Paperless W2"

January 6, 2016
Dear: Account Owner, Our records indicate that you are enrolled in the University of California paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. "paperless W2") is prepared and ready for viewing. ​​ Your W2 is ready for viewing under Employee Self Service. Logon at the following link: Click Here to Logon If you have trouble logging in to Employee Self Service at the link above, please contact your Payroll Department for support. If you would like to un-enroll in the Paperless W2 Program, please logon to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions.

Phishing Example: PayPal Forgery

January 1, 2016
Pay.service Secure Dear Client, Recently, your account was reviewed and flagged because of a potential connection to some fraudulent transactions. To avoid an eventual restriction to your account, please verify your informations by logging in to our Litigations manager.

Phishing Example: UCB-HR "Your New Salary Notification"

December 10, 2015
Hello, You have an important email from the Human Resources Department with regards to your December 2015 Paycheck This email is enclosed in the Marquette University secure network, hence access it below Access the documents here ***Ensure your login credentials are correct to avoid cancellations** Faithfully Human Resources University of California, Berkeley