Phishing

Support Ending for TLS 1.0 and 1.1 Protocols

January 28, 2020

On Mar. 23 CalNet will fully depreciate TLS 1.0/1.1.

On Mar. 23, CalNet will disable TLS 1.0 and 1.1 protocols from being used to access CAS, Shibboleth, CalGroups, CalNet Account Manager, and LDAP. TLS 1.0 and 1.1 are insecure and vulnerable to attacks which risk the integrity and authentication of data sent between client and destination. Disabling these protocols is meant to mitigate these issues, adhere to campus policy, and to protect institutional data and IT resources. 

Phone Phishing and Telephone Spoofing Scam

January 27, 2020

We have become aware that identity thieves are calling individuals on campus via landline or cellular devices asking for personal information. Remember to be vigilant and careful about protecting your personal information.

We work very hard to protect our voice network; however, attackers may try to use a technology called spoofing to trick you into giving up information.  Spoofing is the practice of deliberately falsifying the information transmitted to your caller ID to pretend to be someone else.  

Phishing Example: Urgent Request

January 9, 2020
These are targeted and simple forms of phishing emails designed to get victims to purchase gift cards, the "email compromise" gets its name because the attacker mimics the email of a known sender. However, these can also be sent through a legitimate, albeit hacked account. The messages start out as basic greetings then progress into requests for money or data. Since the content is highly personalized it’s often easy to get hooked.

Phishing Example: Part time work assistant needed

October 30, 2019
This message, appearing to come from a professor, was successful at convincing several students to engage in back and forth emails ending in money changing hands. If you have received this message and shared correspondence with the scammer, we recommend that you cease correspondence immediately and contact UCPD if there has been any financial transactions.

Phishing for Gift Cards

July 17, 2019

"Hey, are you available?"

Phishing Example: Robocalls

July 21, 2019
Robocalls are on the rise. Be wary of any pre-recorded messages you might receive.

Phishing Example: Business Email Compromise

December 27, 2018
These are targeted and simple forms of phishing emails designed to get victims to purchase gift cards, the "email compromise" gets its name because the attacker mimics the email of a known sender. However, these can also be sent through a legitimate, albeit hacked account. The messages start out as basic greetings then progress into requests for money or data. Since the content is highly personalized it’s often easy to get hooked.

Anti-Phish Tip #4

Check for Trash Before the Slash

Check for Trash Before the Slash

Verify "https://auth.berkeley.edu/" Before Entering CalNet Credentials

The Phish Tank

Welcome to the "Phish Tank".  This page highlights examples of phishing emails received on campus.  There are many variations of the types of scams listed here, this is only a small sampling of ones we've received. 

This list is intended for the purpose of educating students and staff to spot a phish, do not assume an email is safe because it is not listed here.

Why is understanding the risk of Phishing important?

Phishing attacks are an ongoing threat to campus and are becoming increasingly sophisticated. Successful Phishing attacks can cause financial loss for victims and put their personal information at risk.