Cybersecurity Awareness

Malware Hidden in an Invitation Email

April 15, 2026

This hoax phishing email sends the recipient an invitation using popular invitation apps. It may be from an unknown sender, or even a known sender with a compromised email account.

What makes this a phishing message?

The party or event invitation is used to trick recipients into downloading and opening a file. The file is not an invitation but malware that will installing a full remote access tool on their computers.

This phishing scam is written to look like it came from a friend or acquaintance, increasing trust. The message is...

Home

Best Practices for Telecommuting Securely

Please note: personally-owned computers used by multiple people in the household are unlikely to meet the Campus Minimum Security for Networked Devices (MSSND) Standard. Risks to consider with home systems include:

Multiple users with administrator access allow for the download and spread of malware Insecure configurations leave the systems vulnerable to attacks Home users use software that is not supported and may not be patched for vulnerabilities Institutional information downloaded or cached to the machine may be exposed...

Back-to-School Cybersecurity Tips

The start of the school year is a prime time for hackers to target students and staff. Use this checklist to spot red flags and protect your data.

1. Spot the Red Flags

Be suspicious if you receive unexpected messages about:

Urgent Account Issues: Emails claiming there is a problem with your UC Berkeley registration or student account.

Fake Payments: Demands for a "federal student tax" (the IRS will never call to demand immediate wire transfers) or "tuition payment processors."

Unexpected Help: Calls from "Tech...

Phony AI-Generated LLM Request Messages

March 25, 2026

Unknown senders, will contact faculty posing as real individuals and make specific inquiries regarding their work or publications

The messages could have subject lines similar to any of the following:

A question about . . . A short note after reading your work Curious about your work What makes this a phishing message?

The scam may not be a direct malicious threat, but the sender's accounts are fake and the goal is to gather data to use in Large Language Models to enhance AI apps.

The deception will allow a faculty's expertise and...

Fake Wikipedia Page Editorial Assistance Scam

March 23, 2026

Unknown senders, will contact faculty , usually from a @gmail.com address, and offer assistance writing and editing a professional Wikipedia page.

The messages could have subject lines similar to any of the following:

Your Academic Legacy with a Wikipedia Page Professional Wikipedia Page Editor Wikipedia Academic Legacy Page What makes this a phishing message?

The fraudster will praise the recipients research and career and offer their services to create a professional Wikipedia page. The plan is very detailed and will be followed by a...

MSSND: How to Secure Devices

Device Security

If you have a personally-managed Windows, Mac, IOS, or Android device that needs to comply with MSSND requirements, follow the step-by-step instructions below for how to configure your device to meet campus policy.

MSSND #1: Patching and Updates

We also provide guidance to assist with achieving the “...

Cal-1 Card Internship Scam Phish

February 18, 2026

This phony email is allegedly from a UC Berkeley professor, offering a fake internship scam if the applicant would provide additional details.

One of the items they will require is a scan of the applicant's Cal-1 ID card. The Cal-1 card should be handled like any other sensitive document (credit card, driver's license, etc.). You should never be asked to email it to a prospective UCB recruiter.

What makes this a phishing message?

No legitimate campus job or UCB faculty member will ever offer a position using a non-UCB email, a private cell...

Security Reminders as We Approach Tax Season

General reminders and best practices: File electronically and use direct deposit for the quickest refunds. File early - the earlier, the better. Filing early helps prevent identity fraud; others cannot file a fake return in your name if you have already filed. Remember that the IRS will never request payment over the phone, or ask for personal information through emails or text messages

Cybersecurity Awareness Month

Every October, we celebrate Cybersecurity Awareness Month (CAM) by offering guidance on safeguarding your data. Technology plays a role in everything we do to support the mission of teaching, research, and public service at Berkeley.