Cybersecurity Awareness

Fake Assessment Report Email - Credential Theft

August 29, 2025

This phony Assessment notification was received by many bMail users. It is part of a credential stealing attempt.

What makes this a phishing message?

The senders email is not a @berkeley.edu email, often a @gmail.com, @outlook.com, or netzero.net account.

This targeted phishing scam uses urgency indicating a task to complete.

The target page below is a non-UC Berkeley Google form. Campus users will never be asked to enter their CalNet credentials in any site other than a UC Berkeley CalNet CAS authentication page.

The most...

Read more about Fake Assessment Report Email - Credential Theft

Musical Instrument Give Away Fraud Phish

August 29, 2025

This fake email is allegedly from a campus member and offers to generously give away musical instruments or sometimes welding tools if only the recipient will pay for shipping.

They will recommend a moving company who will ask you to send money via Zelle, PayPal, or another digital wallet app, wire money, or pay with prepaid debit cards.

What makes this a phishing message?

This targeted phishing scam pretending to be a UC Berkeley colleague and offers a deal too good to be true. The scam uses a the promise very good deal or significant gain...

Read more about Musical Instrument Give Away Fraud Phish

Cybersecurity Awareness Month

Every October, we celebrate Cybersecurity Awareness Month (CAM) by offering guidance on safeguarding your data. Technology plays a role in everything we do to support the mission of teaching, research, and public service at Berkeley.

Read more about Cybersecurity Awareness Month

Home

Read more about Home

Education & Awareness

Read more about Education & Awareness

Training

Security is a shared responsibility. We all have a part to play.

Every member of the University community must safeguard the information entrusted to us. Phishing attacks and stolen credentials pose significant threats, making up-to-date cybersecurity training crucial for awareness and protection of our data and systems.

1. Take Your Annual Cybersecurity Awareness Training

A security awareness training course is assigned to all employees. You will receive an email with training information from the UC Learning Center.

More...

Read more about Training

Fraudulent Concert Ticket Cal-1 Card Scam

July 25, 2025

Our office has received a number of reports recently of bogus offers for free or discounted convert tickets offered in UCB student platforms (discord, chatgroups, etc.).

What makes these phishing? When contacted the individual may ask for a fee, or increase the price. To verify the requestor's identity, the bad actor will ask for a scan or image of the student's Cal-1 Card be sent to them. Tips if Something Seems Off: The renegotiation of price with a stranger will seem suspicious. Also the request for an ID document...

Read more about Fraudulent Concert Ticket Cal-1 Card Scam

Toolkits

Read more about Toolkits

Phishing Attack Using Misconduct Subject Lines

July 15, 2025

July 15, 2025: We are starting to see another wave of phishing attacks designed to steal credentials and reroute UCPath Direct Deposit.

What makes these phishing?

The newest fake emails may reference a pending investigation of misconduct, to which they then ask you to enter your CalNet credentials on a very authentic-looking, but fake, CAS page.

Odd URLs ending with /auth.berkeley.edu. proplas[.]ca/auth.berkeley.edu satisartirmamerkezi[.]com/auth.berkeley.edu img2.juvlon[.]com/auth.berkeley.edu The most recent frauds...

Read more about Phishing Attack Using Misconduct Subject Lines

Security Basics: 101

The basics of campus information security boil down to the following three concerns: Protecting Yourself, Protecting Devices, and Protecting Data

Protecting Yourself

Protect your personal information by following guidelines for managing passwords, learning how to avoid phishing scams, and by remembering secure computing practices at all times.

collapse all...