Cybersecurity Awareness

Cybersecurity Awareness Month

Every October, we celebrate Cybersecurity Awareness Month (CAM) by offering guidance on safeguarding your data. Technology plays a role in everything we do to support the mission of teaching, research, and public service at Berkeley.

Bogus bCal Meetings - Spam / Malware

September 10, 2025

A default setting in bCal may allow anyone from the internet to add you to a Google Calendar invite. This is being used to create fake spam meetings or include potentially malicious links or attachments. Any links included are as dangerous as the ones that would have been included in a phishing email.

What makes this a phishing message?

The non UC Berkeley senders are sourcing @berkeley.edu email addresses and creating the fake meeting, including subjects like:

Bitcoin Purchase Payment Overdue McAfee Subscription Charge...

Fraudulent New Salary Details Phish

September 22, 2025

This phony email is allegedly from a campus department regarding new salary details or a financial bonus.

The message will request you follow a link and enter your CalNet username and password, and often personal cell phone number for your new salary or compensation details.

What makes this a phishing message?

Salary and compensation details are announced in the expected UC Berkeley official channels. The scam uses a the promise of a salary increase of a bonus to lure the recipient into clicking the link and sending credentials....

Home

Education & Awareness

Fake Assessment Report Email - Credential Theft

August 29, 2025

This phony Assessment notification was received by many bMail users. It is part of a credential stealing attempt.

What makes this a phishing message?

The senders email is not a @berkeley.edu email, often a @gmail.com, @outlook.com, or netzero.net account.

This targeted phishing scam uses urgency indicating a task to complete.

The target page below is a non-UC Berkeley Google form. Campus users will never be asked to enter their CalNet credentials in any site other than a UC Berkeley CalNet CAS authentication page.

The most...

Musical Instrument Give Away Fraud Phish

August 29, 2025

This fake email is allegedly from a campus member and offers to generously give away musical instruments or sometimes welding tools if only the recipient will pay for shipping.

They will recommend a moving company who will ask you to send money via Zelle, PayPal, or another digital wallet app, wire money, or pay with prepaid debit cards.

What makes this a phishing message?

This targeted phishing scam pretending to be a UC Berkeley colleague and offers a deal too good to be true. The scam uses a the promise very good deal or significant gain...

Training

Security is a shared responsibility. We all have a part to play.

Every member of the University community must safeguard the information entrusted to us. Phishing attacks and stolen credentials pose significant threats, making up-to-date cybersecurity training crucial for awareness and protection of our data and systems.

1. Take Your Annual Cybersecurity Awareness Training

A security awareness training course is assigned to all employees. You will receive an email with training information from the UC Learning Center.

More...

Fraudulent Concert Ticket Cal-1 Card Scam

July 25, 2025

Our office has received a number of reports recently of bogus offers for free or discounted convert tickets offered in UCB student platforms (discord, chatgroups, etc.).

What makes these phishing? When contacted the individual may ask for a fee, or increase the price. To verify the requestor's identity, the bad actor will ask for a scan or image of the student's Cal-1 Card be sent to them. Tips if Something Seems Off: The renegotiation of price with a stranger will seem suspicious. Also the request for an ID document...

Toolkits