Dear campus community,
During the COVID-19 crisis, phishing attacks, ransomware, and stolen credentials have become even greater threats to our individual and institutional online security. Cyber criminals are taking advantage of these unprecedented times by increasing attacks against universities.
Three key things you can do right now to protect yourself and campus
Protect your password. Use your CalNet passphrase only for your UC Berkeley login and choose unique passwords for each of your online accounts. A recent incident was related to reused passphrases across the campus community.
Think before you click. Phishing and ransomware attacks are on the rise. Do not give personal or sensitive information to anyone until you have verified that they are legitimate. No reputable company will ask for sensitive information via email, text message, or phone.
Update your devices. If you are responsible for devices that connect to our network, make sure software is updated and that you are following appropriate protocols. Recent attacks at other universities have exploited vulnerable machines and networks in the research enterprise.
Cybersecurity is Everyone’s Responsibility
The more informed you are, the better you can protect your personal and institutional data. Learn more about the important role you play in protecting your identity and data:
- Fight the Phish - offers ways to identify, avoid, and report phishing attacks.
- The Phish Tank - provides examples of malicious emails targeted at UC Berkeley.
- Ransomware Toolkit - shares how to protect yourself against ransomware attacks.
Phishing & Ransomware
Phishing attacks can occur through email, phone calls, texts, instant messaging, or social media. Attackers are after your personal information: usernames, passwords, credit card information, Social Security numbers. However, they are also after intellectual property, research data, and institutional information. Phishing scams can have several goals, including:
- Stealing from victims - modifying direct deposit information, draining bank accounts.
- Performing identity theft - running up charges on credit cards, opening new accounts.
- Purchasing items - buying gift cards, tricking victims into working on their behalf.
- Getting victims to act - clicking on malicious links, installing malware on their devices.
Ransomware is often spread through phishing emails via malicious links or attachments. But cybercriminals can also take stolen credentials and install malware on devices. Once installed, malware can be used to encrypt your system, or systems you connect to, to block access to a computer system - or data - until a ransom is paid.
Our Role in Protecting Campus
To mitigate risks to personal and institutional information, the Information Security Office (ISO) works around the clock to thwart cyber attacks. We offer a suite of services to campus, including:
Actively monitoring the campus network for attempts to exploit campus systems and removing threats to the network when detected.
Supporting tools for secure access to the campus network.
Assessing campus information services to ensure institutional information is handled safely.
Thank you for continuing to do your part to protect yourself and to keep our community’s sensitive information safe.
Jenn Stringer, Associate Vice Chancellor for Information Technology and Chief Information Officer
Allison Henry, Chief Information Security Officer