Phishing

Multiple Phishing Attacks to Redirect Payroll in UCPath

May 15, 2025

We are seeing a spike in sophisticated tactics used to phish for credentials that are then used in concert with other methods to redirect direct deposit routing in UCPath.

These new tactics involve phishing emails, text messages, and highly accurate - but fake - UCPath websites.

What makes these phishing?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear and cause the recipients to act, scanning the QR code, leading to a malicious link.

This...

The Phish Tank

What is Phishing

Phishing is when cyber criminals trick you into giving them your personal information, like passwords or credit card details, by pretending to be a legitimate company or person. They often do this through fake emails, messages, or websites. Scam emails may even come from a Berkeley email address that’s been compromised, so be alert. Got an email that seems suspicious and not listed here? Report it.

Check the "Phish Tank"

Below are examples of recent...

Fake Debt Collection Google Doc Share

April 17, 2025

Unknown parties are sending fake Google Doc Shares with an urgent subject line. They usually refer to lawsuits or debt collection.

The bad actor is using the same Google Doc service, so the 'from' email will be the service email (via Google Drive)" <drive-shares-noreply@google.com>. The name of the sender

"Lаthаm & Wаtkins Dеbt ...

"MоrgɑnLеwis© - Suppоrt...

is made to sound official but is fake.

...

Jan 2025 bCourses Audit Attempts

January 22, 2025

An ineligible former Summer Session student is attempting to contact faculty directly and be added to many bCourses.

What makes this a phishing message?

In the Spring of 2024, a very similar incident occurred. The messages are usually send from an @gmail.com account, but may come from @berkeley.edu emails.

The reason for attempting to gain access to course materials seems unclear and the requests have come from both @berkeley.edu addresses and personal accounts like @gmail.com. Please remember that even if an email comes from a legitimate @berkeley.edu address, the sender...

Fake Electronic Payment ACH Message

April 9, 2025

Many bMail account holders have recently received fake messages indicating an ACH Payment or Electronic Fund transfer.

What makes this a phishing message?

This targeted phishing scam pretending to be a UC Berkeley technician. This targeted phishing scam uses urgency and fear to cause the recipients to act, threatening loss of service (email). The email often come from @GMail accounts and indicate a payment has been made or is pending. The malicious intent of the scammer is to get payment details so they can take those credentials and initiate a fraudulent payment, or steal the...

Float Like A ButterFly

Don't Get Stung

Since emails can be easily spoofed, it’s a good habit to “float” your cursor over an address before replying. It's tempting, but don’t click on links or automatically reply to emails, even if it seems to be from someone you know. Instead, hover over the link with your mouse to see the underlying email or URL destination.

For iOS touchscreen devices, press and hold the email address or linkdon't tap itto reveal the actual email address or URL. Remember, never reply to an...

PHISHING EXAMPLE: Phone Fraud, Chinese Consulate

February 8, 2023
If you are unable to log into bMail, forward the message to phishing@berkeley.edu. For more information visit https://security.berkeley.edu/resources/phishing

Fake: URGENT: COVID-19 Variant Case Alert

July 3, 2024

This phony potential Covid contact alert was received by many users sent to their Campus bMail accounts.

What makes this a phishing message?

This targeted phishing scam is using a fake UC Berkeley email address

From: UC Berkeley Alerts <CHI-Information@case.edu>

This targeted phishing scam directs user to a bogus CAS authentication page..

Tips if Something Seems Off:

The serious nature of the report is intended to cause alarm in recipients and lure them into clicking the link and entering their...

Students: Beware of employment scams via email

December 7, 2023

Every year, students at UC Berkeley are scammed out of thousands of dollars via fake employment offers. Beware of unsolicited emails, phone calls, texts or even facebook messages offering internship or employment opportunities. If you receive a job offer, don’t trust it without verifying – contact the person offering the job via their contact info in the campus directory or via a berkeley.edu departmental website....

Fake DUO Authentication Request

October 9, 2023
What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear to cause the recipients to act, scanning the QR code which leads to a malicious link.

This targeted phishing scam uses urgency and fear to cause the recipients to act, exposing their personal information.

Tips if Something Seems Off: Double-check the email address before responding. Individual email users (even accounts made to look like berkeley.edu accounts) will never ask for this action. If the link is followed, the campus will NEVER ask for credentials to be...