Develop Safe Habits

Common cybersecurity tips

PHISHING EXAMPLE: Fraudulent 'Broken Lab Equipment' Scam

January 30, 2024
What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley faculty member or campus lab manager.

This email is sent to the parents of a student working in a campus lab. It invents a phony 'accident' that damaged an expensive piece of lab equipment and asks the parents of the lab member to reimburse the lab for part of the cost of replacement.

This targeted phishing scam uses urgency and fear to cause the recipients to act, extorting money from a phony accident.

Tips if Something Seems Off:

The message is sent from a...

Students: Beware of employment scams via email

December 7, 2023

Every year, students at UC Berkeley are scammed out of thousands of dollars via fake employment offers. Beware of unsolicited emails, phone calls, texts or even facebook messages offering internship or employment opportunities. If you receive a job offer, don’t trust it without verifying – contact the person offering the job via their contact info in the campus directory or via a berkeley.edu departmental website....

Data Syncing Services

Sync Services

Sync service backups can be set up through Google Drive or Box and both encrypt the data in transit and at rest. However, these services are only suitable for P2 and P3 data - not P4, review what data can be stored in my UC Berkeley Google accounts (bMail,...

Backing Up Your Data

What is a Backup?

A backup is a second copy (or more) of your digital files and it can protect you from data loss. You can access this backup in the event your device or data become inaccessible, destroyed, or damaged. Data loss can occur in many ways: a computer or hardware crash, a lost or stolen device, data corruption, or malware that encrypts it and holds it for ransom.

Two types of backup are sync services and traditional backups: Sync (or cloud) services backup individual files and do not include...

Fake DUO Authentication Request

October 9, 2023
What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear to cause the recipients to act, scanning the QR code which leads to a malicious link.

This targeted phishing scam uses urgency and fear to cause the recipients to act, exposing their personal information.

Tips if Something Seems Off: Double-check the email address before responding. Individual email users (even accounts made to look like berkeley.edu accounts) will never ask for this action. If the link is followed, the campus will NEVER ask for credentials to be...

Roles and Responsibilities Policy

University of California, Berkeley

Policy Issued: 04/01/2022

Effective Date: 04/01/2023

Supersedes: N/A - New policy

Next Review Date: 04/01/2027

UCB Seal

Roles and...

Password Management with LastPass

Overview

Creating strong, unique passwords for each of your personal and work accounts isn't a chore when using a password manager - like LastPass. LastPass can generate and remember passwords for you - no more writing your passwords down and potentially exposing your credentials. Using strong and unique passwords on each of your accounts increases your personal and professional online security.

UC Berkeley offers FREE...

Security Tips for Travel

We often take for granted what it means to travel with our devices and staying digitally connected often means connecting to public networks in hotels, airports, train stations, and conference halls, that employ minimal security measures. Public networks may harbor malware from cybercriminals looking to steal your data for identity fraud, as well as nation-state actors targeting academic and business...

Security Tips for International Travel

International TravelFor members of the campus community, a trip to a foreign country presents unique data security challenges. The nature of international travel requires you to use your device (laptop, tablet or smartphone) in various unfamiliar places that may expose your data and device to malicious people and software.

...

Traffic Light Protocol

Overview

The Traffic Light Protocol (TLP) was created to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with appropriate audiences.

TLP uses four colors to define sharing boundaries to be applied by the recipient(s) indicating when and how sensitive information can be shared, and by facilitating more frequent and effective collaboration. TLP is optimized for ease of adoption, human readability and person-to-person sharing; it may be used in automated sharing exchanges...