Cybersecurity Awareness

Fake: URGENT: COVID-19 Variant Case Alert

July 3, 2024

This phony potential Covid contact alert was received by many users sent to their Campus bMail accounts.

What makes this a phishing message?

This targeted phishing scam is using a fake UC Berkeley email address

From: UC Berkeley Alerts <CHI-Information@case.edu>

This targeted phishing scam directs user to a bogus CAS authentication page..

Tips if Something Seems Off:

The serious nature of the report is intended to cause alarm in recipients and lure them into clicking the link and entering their...

PHISHING EXAMPLE: Phony Email confirmation Text Message

June 11, 2024
Luca Giles

This fake email termination notification was received by many users on their personal cell phone numbers via text message.

What makes this a phishing message?

This targeted phishing scam is pretending to be a UC Berkeley technician and uses urgency and fear to cause the recipients to act, threatening loss of service (email).

Tips if Something Seems Off:

UC Berkeley Help Desks will NEVER initiate contact directly via test to personal cell phone numbers

No technician will ever ask you to send them a password, DUO push code or other secret account information...

Protecting Your Data

Overview:

Data is one of UC Berkeley’s most critical assets. The complexity and volume of the data we are taking in is growing while at the same time regulatory requirements are becoming more stringent. These factors make correctly managing data vital for ensuring its confidentiality, integrity, and availability remain intact.

The data management lifecycle:

Proper handling of data throughout its lifecycle is critical to optimizing its utility, minimizing the potential for errors, and protecting it from breaches. No...

Securing Remote Desktop (RDP) for System Administrators

How secure is Windows Remote Desktop?

Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.

Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7,...

Students: Beware of employment scams via email

December 7, 2023

Every year, students at UC Berkeley are scammed out of thousands of dollars via fake employment offers. Beware of unsolicited emails, phone calls, texts or even facebook messages offering internship or employment opportunities. If you receive a job offer, don’t trust it without verifying – contact the person offering the job via their contact info in the campus directory or via a berkeley.edu departmental website....

SSH Key Management

An SSH key with a passphrase provides additional security and can act as an additional authentication factor. Adding a passphrase to your SSH keys is recommended to comply with the Remote Access Services Requirement of the Minimum Security Standard for Networked Devices (MSSND)

See instructions for setting up SSH key authentication for Windows, Mac, and Linux below. ...

PHISHING EXAMPLE: Fraudulent 'Broken Lab Equipment' Scam

January 30, 2024
Luca Giles
What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley faculty member or campus lab manager.

This email is sent to the parents of a student working in a campus lab. It invents a phony 'accident' that damaged an expensive piece of lab equipment and asks the parents of the lab member to reimburse the lab for part of the cost of replacement.

This targeted phishing scam uses urgency and fear to cause the recipients to act, extorting money from a phony accident.

Tips if Something Seems Off:

The message is sent from a...

Enabling Full Disk Encryption

Overview

Full disk encryption protects the data on your device in the event it is lost or stolen. Without full disk encryption, if the data drive in the computer is removed, the data can be easily read and accessed. When correctly deployed, full disk encryption requires unauthorized users to have both physical access to your device as well as the password in order to decrypt the data on your device.

However, if both the password and the recovery key are unknown or lost, the device cannot be decrypted and the...

Data Syncing Services

Sync Services

Sync service backups can be set up through Google Drive or Box and both encrypt the data in transit and at rest. However, these services are only suitable for P2 and P3 data - not P4, review what data can be stored in my UC Berkeley Google accounts (bMail,...

Backing Up Your Data

What is a Backup?

A backup is a second copy (or more) of your digital files and it can protect you from data loss. You can access this backup in the event your device or data become inaccessible, destroyed, or damaged. Data loss can occur in many ways: a computer or hardware crash, a lost or stolen device, data corruption, or malware that encrypts it and holds it for ransom.

Two types of backup are sync services and traditional backups: Sync (or cloud) services backup individual files and do not include...