Cybersecurity Awareness

Cybersecurity Awareness Month

Every October, we celebrate Cybersecurity Awareness Month (CAM) by offering guidance on safeguarding your data. Technology plays a role in everything we do to support the mission of teaching, research, and public service at Berkeley.

Home

Securing Remote Desktop (RDP) for System Administrators

How secure is Windows Remote Desktop?

Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.

Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7,...

Holiday Shopping

Click here to download a list of tips for safer holiday shopping.All holiday events icons

Shopping online is easy and convenient—for cybercriminals, too. Avoid getting scammed with these tips to keep you safe while online shopping. 1. Use...

Fraudulent New Salary Details Phish

September 22, 2025

This phony email is allegedly from a campus department regarding new salary details or a financial bonus.

The message will request you follow a link and enter your CalNet username and password, and often personal cell phone number for your new salary or compensation details.

What makes this a phishing message?

Salary and compensation details are announced in the expected UC Berkeley official channels. The scam uses a the promise of a salary increase of a bonus to lure the recipient into clicking the link and sending credentials....

Traffic Light Protocol

Overview

The Traffic Light Protocol (TLP) was created to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with appropriate audiences.

TLP uses four colors to define sharing boundaries to be applied by the recipient(s) indicating when and how sensitive information can be shared, and by facilitating more frequent and effective collaboration. TLP is optimized for ease of adoption, human readability and person-to-person sharing; it may be used in automated sharing exchanges...

Bogus bCal Meetings - Spam / Malware

September 10, 2025

A default setting in bCal may allow anyone from the internet to add you to a Google Calendar invite. This is being used to create fake spam meetings or include potentially malicious links or attachments. Any links included are as dangerous as the ones that would have been included in a phishing email.

What makes this a phishing message?

The non UC Berkeley senders are sourcing @berkeley.edu email addresses and creating the fake meeting, including subjects like:

Bitcoin Purchase Payment Overdue McAfee Subscription Charge...

Education & Awareness

Fake Assessment Report Email - Credential Theft

August 29, 2025

This phony Assessment notification was received by many bMail users. It is part of a credential stealing attempt.

What makes this a phishing message?

The senders email is not a @berkeley.edu email, often a @gmail.com, @outlook.com, or netzero.net account.

This targeted phishing scam uses urgency indicating a task to complete.

The target page below is a non-UC Berkeley Google form. Campus users will never be asked to enter their CalNet credentials in any site other than a UC Berkeley CalNet CAS authentication page.

The most...

Musical Instrument Give Away Fraud Phish

August 29, 2025

This fake email is allegedly from a campus member and offers to generously give away musical instruments or sometimes welding tools if only the recipient will pay for shipping.

They will recommend a moving company who will ask you to send money via Zelle, PayPal, or another digital wallet app, wire money, or pay with prepaid debit cards.

What makes this a phishing message?

This targeted phishing scam pretending to be a UC Berkeley colleague and offers a deal too good to be true. The scam uses a the promise very good deal or significant gain...