Phishing

Fake Email Account Suspension email

December 2, 2024

This fake email termination message was received by many users allegedly telling them their campus email account would be suspended.

Commonly used phony subject lines include:

'ADVANCE WARNING'

'***Urgent*** Your Account Will Be Suspended'

'ATTENTION!!! Actin Needed Now'

Tips if Something Seems Off:

UC Berkeley Help Desks will NEVER initiate contact directly via test to personal cell phone numbers

No technician will ever ask you to send them a password, DUO push code or other secret account information, especially in an insecure...

Fake UC Berkeley Financial Support Program

December 4, 2024

This phony email was sent impersonating a UC Berkeley administrative department. It was attempting to get users to click with a bogus $2,250 financial bonus for eligible faculty and staff.

What makes this a phishing message?

The sender is not an @berkeley.edu sender and the login page is NOT an official CalNet CAS page.

This targeted phishing scam uses financial motivation and curiosity to attempt to get campus affiliates to send their usernames, emails, and passwords.

Tips if Something Seems Off: You will never be asked to enter your credentials into any non UCB page...

Phony Staff Assessment Doc Link

January 21, 2025

This phony Staff Assessment notification was received by many bMail users. It is part of a credential stealing attempt.

What makes this a phishing message?

The senders email is not a @berkeley.edu email, likely a compromised account from the Austin, TX school district @austinisd.org

This targeted phishing scam uses urgency indicating a task to complete.

The target page below is a free Jot webform. campus users will never be asked to enter their CalNet credentials in any site that is not a UCB CAS authentication page.

The most recent Frauds have had subject lines...

Jan 2025 bCourses Audit Attempts

January 22, 2025

An ineligible former Summer Session student is attempting to contact faculty directly and be added to many bCourses.

What makes this a phishing message?

In the Spring of 2024, a very similar incident occurred. The messages are usually send from an @gmail.com account, but may come from @berkeley.edu emails.

The reason for attempting to gain access to course materials seems unclear and the requests have come from both @berkeley.edu addresses and personal accounts like @gmail.com. Please remember that even if an email comes from a legitimate @berkeley.edu address, the sender...

The Phish Tank

Welcome to the "Phish Tank"

This page highlights examples of phishing emails received on campus. These examples are intended to educate every Berkeley email user on how to spot a phish. If you receive an email not listed here and that seems suspicious, report it via the methods listed above. For more tips on avoiding phish, visit our Fight the Phish page.

PHISHING EXAMPLE: Email Account Removal

May 6, 2022
Dear recipient We have received your cancellation request and you are no longer subscribed to security.berkeley.edu If you did not request cancellation, kindly click below to reactivate your account.

PHISHING EXAMPLE: CAUTION : eMail Account Block

May 6, 2022
Attention recipient , We have received your request to terminate your email account below, and the request will be concluded within 12hours from now.

PHISHING EXAMPLE: Norton

February 15, 2022
Welcome Subscriber; Your Annual membership for NORTON 360 TOTAL PROTECTION has been renewed and updated successfully. The amount charged will be reflected within the next 24 to 48 hrs on your profile of account. Product Information: INVOICE NO. @ GGH1644259106OV ITEM NAME @ NORTON 360 TOTAL PROTECTION START DATE @ 2022 Feb 07 END DATE @ 1 year from START DATE GRAND TOTAL @ $240.42 USD PAYMENT METHOD @ Debit from account If you wish to not to continue subscription and claim a REFUND then please feel free to call our Billing Department as soon as possible. You can Reach us on : +1 – ( 803 ) – ( 598 ) – 4473 Regards, Billing Department SP

PHISHING EXAMPLE: English Dept. (Prof. Duncan) Job Offers

January 19, 2022
Using several different emails to send from and various subject lines, this attacker used the name of an actual Berkeley professor to send out a call for remote assistant work.

PHISHING EXAMPLE: WORK FROM HOME / BERKELEY PAID JOB OFFER

September 10, 2021
Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company Cisco Systems Inc® is currently running a student empowerment program. This program is to help devoted and hardworking students secure a part time job which does not deter them from doing any other, you just need a few hours to do this weekly and with an attractive weekly wages. KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.