Cybersecurity Awareness

Best Practices for Telecommuting Securely

Please note: personally-owned computers used by multiple people in the household are unlikely to meet the Campus Minimum Security for Networked Devices (MSSND) Standard. Risks to consider with home systems include:

Multiple users with administrator access allow for the download and spread of malware Insecure configurations leave the systems vulnerable to attacks Home users use software that is not supported and may not be patched for vulnerabilities Institutional information downloaded or cached to the machine may be exposed...

Back-to-School Cybersecurity Tips

The start of the school year is a prime time for hackers to target students and staff. Use this checklist to spot red flags and protect your data.

1. Spot the Red Flags

Be suspicious if you receive unexpected messages about:

Urgent Account Issues: Emails claiming there is a problem with your UC Berkeley registration or student account.

Fake Payments: Demands for a "federal student tax" (the IRS will never call to demand immediate wire transfers) or "tuition payment processors."

Unexpected Help: Calls from "Tech...

Home

Phony AI-Generated LLM Request Messages

March 25, 2026

Unknown senders, will contact faculty posing as real individuals and make specific inquiries regarding their work or publications

The messages could have subject lines similar to any of the following:

A question about . . . A short note after reading your work Curious about your work What makes this a phishing message?

The scam may not be a direct malicious threat, but the sender's accounts are fake and the goal is to gather data to use in Large Language Models to enhance AI apps.

The deception will allow a faculty's expertise and...

Fake Wikipedia Page Editorial Assistance Scam

March 23, 2026

Unknown senders, will contact faculty , usually from a @gmail.com address, and offer assistance writing and editing a professional Wikipedia page.

The messages could have subject lines similar to any of the following:

Your Academic Legacy with a Wikipedia Page Professional Wikipedia Page Editor Wikipedia Academic Legacy Page What makes this a phishing message?

The fraudster will praise the recipients research and career and offer their services to create a professional Wikipedia page. The plan is very detailed and will be followed by a...

MSSND: How to Secure Devices

Device Security

If you have a personally-managed Windows, Mac, IOS, or Android device that needs to comply with MSSND requirements, follow the step-by-step instructions below for how to configure your device to meet campus policy.

MSSND #1: Patching and Updates

We also provide guidance to assist with achieving the “...

Cal-1 Card Internship Scam Phish

February 18, 2026

This phony email is allegedly from a UC Berkeley professor, offering a fake internship scam if the applicant would provide additional details.

One of the items they will require is a scan of the applicant's Cal-1 ID card. The Cal-1 card should be handled like any other sensitive document (credit card, driver's license, etc.). You should never be asked to email it to a prospective UCB recruiter.

What makes this a phishing message?

No legitimate campus job or UCB faculty member will ever offer a position using a non-UCB email, a private cell...

Security Reminders as We Approach Tax Season

General reminders and best practices: File electronically and use direct deposit for the quickest refunds. File early - the earlier, the better. Filing early helps prevent identity fraud; others cannot file a fake return in your name if you have already filed. Remember that the IRS will never request payment over the phone, or ask for personal information through emails or text messages

Cybersecurity Awareness Month

Every October, we celebrate Cybersecurity Awareness Month (CAM) by offering guidance on safeguarding your data. Technology plays a role in everything we do to support the mission of teaching, research, and public service at Berkeley.

Securing Remote Desktop (RDP) for System Administrators

How secure is Windows Remote Desktop?

Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.

Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7,...