Cyber Security Month Tip of the Week #4: Protect Your CalNet ID

October 24, 2013

A message from Larry Conrad, AVC-IT & CIO

Thank you for the efforts you are taking this month to raise awareness among your customers and colleagues about phishing threats and the danger of deceptive links.

'Phishing' schemes persist because they work. Unfortunately, there is no magic answer. Be careful and use this week’s tip when entering your CalNet credentials. Fraudulent authentication pages are designed to compromise your CalNet credentials.

How then are we to know if the authentication page is genuine or not? That brings us to this week's tip:

"Check for Trash Before the Slash"—Verify before entering your CalNet credentials

You are asked to enter your CalNet passphrase on what looks like the standard blue CalNet Authentication page. How can you be certain it’s the real page? Try this tip to see!

Always check the actual URL to make sure it starts with:

https://auth.berkeley.edu/.

Additional referral information will appear after the first single slash.

Fraudulent login screens designed to steal your credentials may look authentic if you’re not paying attention to the URL. Trusted UC Berkeley authentication pages will never have anything phishy before the first single slash.

Good Example: https://auth.berkeley.edu/cas/login?service

Bad Example: https://auth.berrkeley.webs.com/

Please help spread the word that each member of the campus community plays a key role in protecting campus information assets.

Look for next week’s downloadable fliers at:

https://security.berkeley.edu/phishing

And a special thanks to our colleagues in ETS for taking this opportunity to use these materials to educate campus IT customers about IT security. Hard copies of posters or postcards are available at the reception desk of Earl Warren Hall, 2484 Shattuck Avenue, or 41 Dwinelle.

Protecting your CalNet passphrase is one of your most basic, and most important, information security responsibilities. If your password is compromised, it can be used to attack other campus systems and put institutional assets at risk.

Only YOU can PROTECT your CalNet passphrase!