Cybersecurity Awareness

Fake: URGENT: COVID-19 Variant Case Alert

July 3, 2024

This phony potential Covid contact alert was received by many users sent to their Campus bMail accounts.

What makes this a phishing message?

This targeted phishing scam is using a fake UC Berkeley email address

From: UC Berkeley Alerts <CHI-Information@case.edu>

This targeted phishing scam directs user to a bogus CAS authentication page..

Tips if Something Seems Off:

The serious nature of the report is intended to cause alarm in recipients and lure them into clicking the link and entering their...

PHISHING EXAMPLE: Phony Email confirmation Text Message

June 11, 2024

This fake email termination notification was received by many users on their personal cell phone numbers via text message.

What makes this a phishing message?

This targeted phishing scam is pretending to be a UC Berkeley technician and uses urgency and fear to cause the recipients to act, threatening loss of service (email).

Tips if Something Seems Off:

UC Berkeley Help Desks will NEVER initiate contact directly via test to personal cell phone numbers

No technician will ever ask you to send them a password, DUO push code or other secret account information...

Protecting Your Data

Overview:

Data is one of UC Berkeley’s most critical assets. The complexity and volume of the data we are taking in is growing while at the same time regulatory requirements are becoming more stringent. These factors make correctly managing data vital for ensuring its confidentiality, integrity, and availability remain intact.

The data management lifecycle:

Proper handling of data throughout its lifecycle is critical to optimizing its utility, minimizing the potential for errors, and protecting it from breaches. No...

Securing Remote Desktop (RDP) for System Administrators

How secure is Windows Remote Desktop?

Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.

Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7,...

Students: Beware of employment scams via email

December 7, 2023

Every year, students at UC Berkeley are scammed out of thousands of dollars via fake employment offers. Beware of unsolicited emails, phone calls, texts or even facebook messages offering internship or employment opportunities. If you receive a job offer, don’t trust it without verifying – contact the person offering the job via their contact info in the campus directory or via a berkeley.edu departmental website....

Security Tips for International Travel

International TravelFor members of the campus community, a trip to a foreign country presents unique data security challenges. The nature of international travel requires you to use your device (laptop, tablet or smartphone) in various unfamiliar places that may expose your data and device to malicious people and software.

...

SSH Key Management

An SSH key with a passphrase provides additional security and can act as an additional authentication factor. Adding a passphrase to your SSH keys is recommended to comply with the Remote Access Services Requirement of the Minimum Security Standard for Networked Devices (MSSND)

See instructions for setting up SSH key authentication for Windows, Mac, and Linux below. ...

PHISHING EXAMPLE: Fraudulent 'Broken Lab Equipment' Scam

January 30, 2024
What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley faculty member or campus lab manager.

This email is sent to the parents of a student working in a campus lab. It invents a phony 'accident' that damaged an expensive piece of lab equipment and asks the parents of the lab member to reimburse the lab for part of the cost of replacement.

This targeted phishing scam uses urgency and fear to cause the recipients to act, extorting money from a phony accident.

Tips if Something Seems Off:

The message is sent from a...