Phishing

Scammers are Exploiting Coronavirus Fears to Phish Users

March 9, 2020
Attackers have been sending emails that feed on concerns about COVID-19 to spread malware or to trick recipients into sharing account credentials or opening malicious attachments.

Phishing Example: RE: Notice from @rescue.org

March 14, 2016
A phishing message purporting to be from the International Rescue Committee regarding IT maintenance has been circulating on campus. The message requests that the recipient upgrade their mailbox size by selecting a link that redirects to a malicious website.

Scammers Exploit California’s COVID-19 Contact Tracing Program

July 15, 2020
In ongoing efforts to mitigate the spread of COVID-19, Gov. Newsom launched "California Connected," the state's contact tracing program and public awareness campaign. Malicious actors are leveraging the program in phishing scams to exploit the public.

What is Phishing?

Phishing is a type of attack carried out in order to steal information or money. Phishing attacks can occur through email, phone calls, texts, instant messaging, or social media. Attackers are after your personal information: usernames, passwords, credit card information, Social Security numbers. However, they are also after intellectual property, research data, and institutional information. Phishing scams can have several goals, including:

Stealing from victims - modifying direct deposit information, draining bank accounts...

Let's Get Ready to Report Phish!

Are you ready to rumble?

When you report phishing attacks, the information you send via bMail helps Berkeley fight the attackers. When enough users report an email as a phishing attack, our mail systems prevent these nefarious senders from reaching more users on campus. By reporting, you are protecting your fellow Bears. Reporting through Google is the quickest way to protect colleagues and the campus community from attacks.


How to report:

Using the bMail web interface:

Open the message. To the right of the 'Reply' arrow...

Get in the Ring

Join the Fight

Knowing how to dodge a phishing attack is essential, but launching the correct counterattack is just as important. Make sure to report suspected phishing attacks so that we can remove their threat. Even if the email has official logos or links to a legitimate website, it could still be fraudulent.

If you suspect a message is not valid, call the individual or office that supposedly sent the email to confirm that it's a real request.

Do not click on links within an email that...

Float Like a Butterfly

Don't Get Stung

Since emails can be easily spoofed, it’s a good habit to “float” your cursor over an address before replying. It's tempting, but don’t click on links or automatically reply to emails, even if it seems to be from someone you know. Instead, hover over the link with your mouse to see the underlying email or URL destination.

For iOS touchscreen devices, press and hold the email address or link (don't tap it) to reveal the actual email address or URL. Remember, never reply to an...

Keep Your Guard Up

SUBJECT: URGENT!!

Emails that create urgency and fear are usually fake. Scammers may insist that immediate action is necessary and pretend to be a friend, colleague, or another trusted entity. Don't let these tactics trick you into letting down your guard; stay calm and read the email carefully.

Phishing attacks can also occur through phone calls, texts, or instant messaging, so be aware of these other methods. It's important to be vigilant at all times and remain suspicious of sources that ask you for credentials and other...

This Time, It's Personal

"I can’t talk right now, but I need your help..."

Attackers use personal, public information about you to lure you into responding. While masquerading as a colleague or university official, they try to get you to send them sensitive information, purchase gift cards, or click on a malicious link to infect your computer or get access to a university system.

Always remember that UC Berkeley and organizations that care about protecting your information will never ask you to send...

Know Your Opponent

Emails Can Be Spoofed

Email spoofing is the creation of email messages with a forged sender address. Often these phishing emails will come from names you know or are familiar with, and will carry an urgent request. Some may demand that you "update your account information" or "login to confirm ownership of your account".

Attackers may also set up web sites under their control that look and feel like legitimate web sites. If you enter your credentials into these illegitimate websites, you are sending your username and password directly to the attackers. Stop and...