Phishing Examples Archive

Phishing Example: Google Doc Phishing Message

May 3, 2017
What appears to be a wide-spread Internet worm hit the campus in the form of a phishing email message. The message slipped through normal spam filters as the worm virus spread to email accounts in the "berkeley.edu" domain.

Phishing Example: Message from human resources

April 13, 2017
This message, appearing to come from the HR department, was successful at convincing several campus recipients to click on the link provided and enter their Calnet credentials. The link was directed to a fake Calnet login page, the account name and password entered on this page would be compromised.

Phishing Example: Library Account

April 1, 2017
This phishing message was received by students across campus, purporting that the student's library account has expired. The Library does not issue emails concerning inactive accounts.

Phishing Example: Your Dropbox File

January 30, 2017
A recent spate of phishing messages have been received on campus purporting to be Dropbox notifications. The link in the email message to "View File" is a ruse to capture CalNet passphrase credentials.

Phishing Example: bCourses Expiration Notice

January 25, 2017
A targeted phishing message was received on campus appearing as an expiration notice for access to bCourses. The message attempted to trick recipients to login with CalNet credentials to prevent access expiration

Phishing Example: First 2017 Tax Season Phish

January 24, 2017
This was the first tax season related phishing message reported on campus this year. Beware of phishing messages containing fake instructions for downloading your W2 form.

Phishing Example: FedEx Shipment Update

January 3, 2017
This very simple phishing message that appeared to be sent from FedEx was effective in convincing several campus recipients to download the PDF attachment. The file contained a link that required password authentication, allowing the attacker to capture these credentials for future use.

Phishing Example: Important Announcement from Chancellor Dirks

December 14, 2016
On Dec. 14th, campus was the target of a phishing email purporting to be from Chancellor Dirks and containing a PDF file attachment with a link to a site intended to steal credentials. Beware of emails with the subject line "Important Announcement from Chancellor B. Dirks".

Phishing Example: Email Account Upgrade

October 28, 2016
A pretty convincing phishing message that appears to come from CSS-IT issuing a warning that the user's ID may have been compromised.

Phishing Example: Irregular Activity

October 20, 2016
This phishing message, purportedly from Bank of America, contained multiple threats - two file attachments that likely contain malware and a separate ploy to obtain user credentials.

Phishing Example: Messages containing Locky malware

August 24, 2016
There has been a recent spate of email messages to campus containing the Locky ransomware virus in file attachments. The format of the message content is very similar.

Phishing Example: Vital Info

May 23, 2016
Another targeted phishing message, this one has been spoofed to appear to come from the Office of the Registrar.

Phishing Example: bCourses Phish Attack

May 20, 2016
Several people on campus reported this targeted phishing message concerning access to bCourses. The message was signed by a fictitious member of the Security department.

Phishing Example: PayPal - We need your help

March 22, 2016
This is an example of how phishing messages can be made to look like they are from a legitimate business, such as PayPal. However, the poor grammar and other indicators make this an easy phish to spot.

Phishing Example: RE: Notice from @rescue.org

March 14, 2016
A phishing message purporting to be from the International Rescue Committee regarding IT maintenance has been circulating on campus. The message requests that the recipient upgrade their mailbox size by selecting a link that redirects to a malicious website.

Phishing Example: Last Reminder You Must Update Your Apple Account Information!

March 13, 2016
An email message purporting to be from Apple Support, requesting that the recipient verify their account information, has been seen in several variations on campus.

Phishing Example: Help Desk Notice

March 4, 2016
This phish is an example of how poorly most culprits have taken steps to disguise the message - it is often the case that phishing messages are originally drafted for another school or school district.

Phishing Example: UCOP Spear Phish Attack

February 22, 2016
A targeted phishing message was received at both Berkeley and UCLA campuses that was purportedly from the UC Office of the President requesting employee's W2 form.

Phishing Example: Google Docs Download

February 22, 2016
This phish example attempts to trick the recipient into clicking on a link to a malicious website by purporting to be a link to download a Google doc.

Phishing Example: ITunes Access Disabled

February 21, 2016
Another example of a common ploy to trick the recipient into clicking a link to a malicious website by claiming access to ITunes has been disabled.

Phishing Example: "Dear Email User" Expired Password Ploy

February 9, 2016
An example of a common phishing ploy - a notice that your email password will expire, with a link to change the password that leads to a malicious website.

Phishing Example: IT-Service Help Desk "Password Update"

February 2, 2016
Another example of a phish that attempts to trick the user to click on a link to a malicious website by claiming their password will expire otherwise. This one purports to come from the IT-Service Help Desk.

Phishing Example: U.S. Dept. of Labor "Record Update"

January 18, 2016
Campus was the target of a phishing email purporting to be from the U.S. Dept of Labor and asking for users to update their employment records. Beware of emails with the subject line "Record Update".

Phishing Example: IRS Service "Important Update"

January 15, 2016
The 2016 tax filing season is upon us, beware of messages requesting personal information to be updated online to make your "refund easier".

Phishing Example: DHL Express Document

January 15, 2016
Phishing message purporting to be from DHL and requesting package delivery confirmation contains links to malware infected website.

Phishing Example: "Paperless W2"

January 6, 2016
Several people on campus fell for this phish, which directed the recipient to a fake CalNet login page where credentials were stolen. Beware of tax related phishing exploits, like this one, during this time of year.

Phishing Example: Spear Phishing Attack "Articles"

January 2, 2016
This spear phishing attack was targeted to campus academic staff. The recipient was asked to share access to research articles, but the embedded link was routed to a fake CalNet login page.

Phishing Example: PayPal Forgery

January 1, 2016
This is a forgery example of a commonly used service provider, PayPal. The intent is to fool the recipient into clicking the link directed to a malware infected webpage.

Phishing Example: UCB-HR "Your New Salary Notification"

December 10, 2015
This phishing message was forged to appear to come from the UCB Human Resources office. Beware of "URGENT" message from HR concerning "Your New Salary Notification".