Increase in Email Impersonation Attacks Reported on Campus

January 14, 2019

Dear Campus Colleagues,

A widely reported spear phishing scam, termed “Business Email Compromise (BEC),” has been targeting universities and other academic institutions. These attacks are designed to impersonate someone you know in an attempt to gain access to sensitive information or to encourage you to transfer funds or provide gift cards. Messages tend to come from an account mimicking a trusted sender. They can start out as basic greetings then progress to requests for money, gift cards, or information. Since the content is highly personalized to you, it’s often easy to get tricked.

Be Alert & Take Action

Not sure if it’s a Phish? We are confident scammers will attempt to send these emails to our campus asking you to respond. We encourage you to be skeptical and inquire by sending an email to consult@berkeley.edu or calling 510-664-9000 if you are unsure whether an email is legitimate.

Do not share your CalNet passphrase with anyone. No person should ask you to reveal your CalNet credentials, via email, in-person or on the phone. Any such request is not a legitimate request and should be refused.

The campus information security team can provide more in-depth presentations about this vulnerability, phishing scams, or other security topics to campus departments, units or other peer organizations. We encourage departmental administrators and other interested individuals and groups to send an email to security@berkeley.edu or find phishing resources on our website at  security.berkeley.edu/phishing with information and examples of these types of attacks.

Regards,

Larry Conrad, Associate Vice Chancellor for IT and Chief Information Officer
Jeremy Rosenberg, Chief Information Security Officer