The Phish Tank

Welcome to the "Phish Tank"

Phishing Example: Evaluation of UCRP Benefits for University of California, Berkeley

July 5, 2020
These are targeted forms of phishing emails designed to get victims to click on malicious links and to give up personal email or phone numbers. UC Berkeley has no relationship with this organization. If you receive an email from PERA, do not interact, report it as a phishing email through bmail and delete.

Let's Get Ready to Report Phish!

Are you ready to rumble?

When you report phishing attacks, the information you send via bMail helps Berkeley fight the attackers. When enough users report an email as a phishing attack our mail systems prevent these nefarious senders from reaching more users on campus. By reporting, you are protecting your fellow Bears. Reporting through Google is quickest way to protect colleagues and campus community from attacks.

How to report:

Using the bMail web interface:

Phishing Example: URGENT REQUEST (Email Impersonation)

June 30, 2020
These are targeted and simple forms of phishing emails designed to get victims to purchase gift cards, or to give up personal email or phone numbers. The "email compromise" gets its name because the attacker mimics the email of a known sender. However, these can also be sent through a legitimate, albeit hacked account. The messages start out as basic greetings then progress into requests for money or data. Since the content is highly personalized it’s often easy to get hooked.

Get in the Ring

Join the Fight

Knowing how to dodge a phishing attack is essential, but launching the correct counter attack is just as important. Make sure to report suspected phishing attacks so that we can remove their threat. Even if the email has official logos or links to a legitimate website, it could still be fraudulent.

If you suspect a message is not valid, call the individual or office that supposedly sent the email to confirm that it's a real request. 

Float Like A ButterFly

Don't Get Stung

Since emails can be easily spoofed, it’s a good habit to “float” your cursor over an address before replying. It's tempting, but don’t click on links or automatically reply to emails, even if it seems to be from someone you know. Instead, hover over the link with your mouse to see the underlying email or URL destination.

Keep Your Guard Up


Emails that create urgency and fear are usually fake. Scammers may insist that immediate action is necessary and pretend to be a friend, colleague, or another trusted entity. Don't let these tactics trick you into letting down your guard; stay calm and read the email carefully.

This Time, It's Personal

"I can’t talk right now, but I need your help..."

Attackers use personal, public information about you to lure you into responding. While masquerading as a colleague or university official, they try to get you to send them sensitive information, purchase gift cards, or get you to click on a malicious link to infect your computer or getting access to a university system.