What appears to be a widespread Internet worm hit the campus in the form of a phishing email message. The message slipped through normal spam filters as the worm spread to email accounts in the "berkeley.edu" domain.
This message, appearing to come from the HR department, was successful at convincing several campus recipients to click on the link provided and enter their CalNet credentials. The link led to a fake CalNet login page; any account name and password entered on this page would be compromised.
A recent spate of phishing messages purporting to be Dropbox notifications has been received on campus. The link in the email message to "View File" is a ruse to capture CalNet passphrase credentials.
A targeted phishing message was received on campus appearing as an expiration notice for access to bCourses. The message attempted to trick recipients into logging in with CalNet credentials to prevent access expiration.
This very simple phishing message that appeared to be sent from FedEx was effective in convincing several campus recipients to download the PDF attachment. The file contained a link that required password authentication, allowing the attacker to capture these credentials for future use.
On Dec. 14th, campus was the target of a phishing email purporting to be from Chancellor Dirks and containing a PDF file attachment with a link to a site intended to steal credentials. Beware of emails with the subject line "Important Announcement from Chancellor B. Dirks".
This is an example of how phishing messages can be made to look like they are from a legitimate business, such as PayPal. However, the poor grammar and other indicators make this an easy phish to spot.
A phishing message purporting to be from the International Rescue Committee regarding IT maintenance has been circulating on campus. The message requests that the recipient upgrade their mailbox size by selecting a link that redirects to a malicious website.
This phish is an example of how little effort most culprits put into disguising the message: phishing messages are often originally drafted for another school or school district.
This is another example of a phish that attempts to trick the user into clicking on a link to a malicious website by claiming their password will otherwise expire. This one purports to come from the IT-Service Help Desk.
Several people on campus fell for this phish, which directed the recipient to a fake CalNet login page where credentials were stolen. Beware of tax-related phishing exploits, like this one, during this time of year.