Cybersecurity Awareness

Training

Discover security training courses and tools

Annual Cybersecurity Awareness Training

This mandatory, computer-based training covers a variety of information security topics and is accessed through the UC Learning Center, supported by Berkeley People & Culture. Additionally, you can access the course via the information on the People and Culture UC Cyber Security Awareness...

Fraudulent Concert Ticket Cal-1 Card Scam

July 25, 2025

Our office has received a number of reports recently of bogus offers for free or discounted convert tickets offered in UCB student platforms (discord, chatgroups, etc.).

What makes these phishing? When contacted the individual may ask for a fee, or increase the price. To verify the requestor's identity, the bad actor will ask for a scan or image of the student's Cal-1 Card be sent to them. Tips if Something Seems Off: The renegotiation of price with a stranger will seem suspicious. Also the request for an ID document...

Toolkits

Phishing Attack Using Misconduct Subject Lines

July 15, 2025

July 15, 2025: We are starting to see another wave of phishing attacks designed to steal credentials and reroute UCPath Direct Deposit.

What makes these phishing?

The newest fake emails may reference a pending investigation of misconduct, to which they then ask you to enter your CalNet credentials on a very authentic-looking, but fake, CAS page.

Odd URLs ending with /auth.berkeley.edu. proplas[.]ca/auth.berkeley.edu satisartirmamerkezi[.]com/auth.berkeley.edu img2.juvlon[.]com/auth.berkeley.edu The most recent frauds...

Security Basics: 101

The basics of campus information security boil down to the following three concerns: Protecting Yourself, Protecting Devices, and Protecting Data

Protecting Yourself

Protect your personal information by following guidelines for managing passwords, learning how to avoid phishing scams, and by remembering secure computing practices at all times.

collapse all...

SSH Key Management

An SSH key with a passphrase provides additional security and can act as an additional authentication factor. Adding a passphrase to your SSH keys is recommended to comply with the Remote Access Services Requirement of the Minimum Security Standard for Networked Devices (MSSND)

See instructions for setting up SSH key authentication for Windows, Mac, and Linux below. ...

Multiple Phishing Attacks to Redirect Payroll in UCPath

May 15, 2025

We are seeing a spike in sophisticated tactics used to phish for credentials that are then used in concert with other methods to redirect direct deposit routing in UCPath.

These new tactics involve phishing emails, text messages, and highly accurate - but fake - UCPath websites.

What makes these phishing?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear and cause the recipients to act, scanning the QR code, leading to a malicious link.

This...

Education & Awareness

Home

Fake Debt Collection Google Doc Share

April 17, 2025

Unknown parties are sending fake Google Doc Shares with an urgent subject line. They usually refer to lawsuits or debt collection.

The bad actor is using the same Google Doc service, so the 'from' email will be the service email (via Google Drive)" <drive-shares-noreply@google.com>. The name of the sender

"Lаthаm & Wаtkins Dеbt ...

"MоrgɑnLеwis© - Suppоrt...

is made to sound official but is fake.

...