Phishing

Fraudulent New Salary Details Phish

September 22, 2025

This phony email is allegedly from a campus department regarding new salary details or a financial bonus.

The message will request you follow a link and enter your CalNet username and password, and often personal cell phone number for your new salary or compensation details.

What makes this a phishing message?

Salary and compensation details are announced in the expected UC Berkeley official channels. The scam uses a the promise of a salary increase of a bonus to lure the recipient into clicking the link and sending credentials....

Bogus bCal Meetings - Spam / Malware

September 10, 2025

A default setting in bCal may allow anyone from the internet to add you to a Google Calendar invite. This is being used to create fake spam meetings or include potentially malicious links or attachments. Any links included are as dangerous as the ones that would have been included in a phishing email.

What makes this a phishing message?

The non UC Berkeley senders are sourcing @berkeley.edu email addresses and creating the fake meeting, including subjects like:

Bitcoin Purchase Payment Overdue McAfee Subscription Charge...

The Phish Tank

What is Phishing

Phishing is when cyber criminals trick you into giving them your personal information, like passwords or credit card details, by pretending to be a legitimate company or person. They often do this through fake emails, messages, or websites. Scam emails may even come from a Berkeley email address that’s been compromised, so be alert. Got an email that seems suspicious and not listed here? Report it.

Check the "Phish Tank"

Below are examples of recent...

Fake Assessment Report Email - Credential Theft

August 29, 2025

This phony Assessment notification was received by many bMail users. It is part of a credential stealing attempt.

What makes this a phishing message?

The senders email is not a @berkeley.edu email, often a @gmail.com, @outlook.com, or netzero.net account.

This targeted phishing scam uses urgency indicating a task to complete.

The target page below is a non-UC Berkeley Google form. Campus users will never be asked to enter their CalNet credentials in any site other than a UC Berkeley CalNet CAS authentication page.

The most...

Musical Instrument Give Away Fraud Phish

August 29, 2025

This fake email is allegedly from a campus member and offers to generously give away musical instruments or sometimes welding tools if only the recipient will pay for shipping.

They will recommend a moving company who will ask you to send money via Zelle, PayPal, or another digital wallet app, wire money, or pay with prepaid debit cards.

What makes this a phishing message?

This targeted phishing scam pretending to be a UC Berkeley colleague and offers a deal too good to be true. The scam uses a the promise very good deal or significant gain...

Fraudulent Concert Ticket Cal-1 Card Scam

July 25, 2025

Our office has received a number of reports recently of bogus offers for free or discounted convert tickets offered in UCB student platforms (discord, chatgroups, etc.).

What makes these phishing? When contacted the individual may ask for a fee, or increase the price. To verify the requestor's identity, the bad actor will ask for a scan or image of the student's Cal-1 Card be sent to them. Tips if Something Seems Off: The renegotiation of price with a stranger will seem suspicious. Also the request for an ID document...

Phishing Attack Using Misconduct Subject Lines

July 15, 2025

July 15, 2025: We are starting to see another wave of phishing attacks designed to steal credentials and reroute UCPath Direct Deposit.

What makes these phishing?

The newest fake emails may reference a pending investigation of misconduct, to which they then ask you to enter your CalNet credentials on a very authentic-looking, but fake, CAS page.

Odd URLs ending with /auth.berkeley.edu. proplas[.]ca/auth.berkeley.edu satisartirmamerkezi[.]com/auth.berkeley.edu img2.juvlon[.]com/auth.berkeley.edu The most recent frauds...

Multiple Phishing Attacks to Redirect Payroll in UCPath

May 15, 2025

We are seeing a spike in sophisticated tactics used to phish for credentials that are then used in concert with other methods to redirect direct deposit routing in UCPath.

These new tactics involve phishing emails, text messages, and highly accurate - but fake - UCPath websites.

What makes these phishing?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear and cause the recipients to act, scanning the QR code, leading to a malicious link.

This...

Fake Debt Collection Google Doc Share

April 17, 2025

Unknown parties are sending fake Google Doc Shares with an urgent subject line. They usually refer to lawsuits or debt collection.

The bad actor is using the same Google Doc service, so the 'from' email will be the service email (via Google Drive)" <drive-shares-noreply@google.com>. The name of the sender

"Lаthаm & Wаtkins Dеbt ...

"MоrgɑnLеwis© - Suppоrt...

is made to sound official but is fake.

...

Jan 2025 bCourses Audit Attempts

January 22, 2025

An ineligible former Summer Session student is attempting to contact faculty directly and be added to many bCourses.

What makes this a phishing message?

In the Spring of 2024, a very similar incident occurred. The messages are usually send from an @gmail.com account, but may come from @berkeley.edu emails.

The reason for attempting to gain access to course materials seems unclear and the requests have come from both @berkeley.edu addresses and personal accounts like @gmail.com. Please remember that even if an email comes from a legitimate @berkeley.edu address, the sender...