A compromised UMBC account was used to send phishing emails to over 1200 other UMBC accounts today. These malicious emails, claiming to be from the “UMBC IT Desk,” contained a link to a fake myUMBC login page, potentially allowing the malicious actors to steal any passwords entered on the site. To prevent further malicious activity, DoIT Security has scrambled the password of the account used to send the emails.

From: <name removed>

Date: Mon, Aug 24, 2020 at 10:40 AM

Subject: COVID-19 Update

To:

This is the UMBC IT Desk. Kindly Update your details to avoid beinglocked out of your email account.

Follow the URLbelow to proceed to setup umbc.edu/cas-web/login/Update

IT DeskUMBC

The link leads to this fake login page:

Always check the URL before entering credentials online. Notice that this site is not in the umbc.edu domain, despite claiming to be myUMBC. In addition, you can compare it to the real login page by navigating to myUMBC without using a link to see that it does not match.

As of this writing, approximately 150 people have clicked this link. If you have entered your UMBC password after clicking the link in this phishing email, please change it to something substantively different as soon as possible. Instructions for doing so can be found here:https://wiki.umbc.edu/pages/viewpage.action?pageId=1867939.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

In January 2020, Zoosk 2020, an online dating service, suffered a data breach. This breach contained 24 million users data that was posted online. The user information includes dates of birth, drinking habits, education levels, email addresses, ethnicities, family structure, genders, geographic locations, income levels, names, nicknames, physical attributes, political views, relationship statuses, religions, sexual orientations,and smoking habits. While the passwords posted were not valid for access to UMBC accounts, we suggest you change your UMBC password as a safety precaution.

76 UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a Zoosk (2020) account, please contact them to see if you have been affected by this breach. To see if you were involved in any other breach visit: https://haveibeenpwned.com/.

More about Zoosk(2020) data breach:

https://grahamcluley.com/zoosk-hacking/

https://www.justice4you.com/blog/zoosk-data-breach.html#:~:text=According%20to%20the%20notice%2C%20an%20unauthorized%20party%20breached,by%20email%2C%20including%20more%20than%20560%2C000%20California%20residents.

If you have any questions or concerns email us: security@umbc.edu 

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

_____________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Need to set up a recovery email for your UMBC account?

Follow the instructions here: https://my3.my.umbc.edu/groups/itsecurity/posts/94776

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

In July 2020, an online alcohol delivery service, Drizly, suffered a data breach. This breach contained 2.5 million customers data that was sold online, and then posted on a hacking forum. The customer information includes names, email addresses, IP addresses, physical addresses, date of birth, phone numbers, and passwords. No financial information was leaked.

106 UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a Drizly account, please contact them to see if you have been affected by this breach. To see if you were involved in any other breach visit: https://haveibeenpwned.com/.

More about Drizly data breach:

https://techcrunch.com/2020/07/28/drizly-data-breach/

https://www.forbes.com/sites/katedingwall/2020/07/29/alcohol-e-commerce-giant-drizly-hit-with-huge-data-breach/#63b0d40b5a96

If you have any questions or concerns email us: security@umbc.edu 

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

_____________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Need to set up a recovery email for your UMBC account?

Follow the instructions here: https://my3.my.umbc.edu/groups/itsecurity/posts/94776

In June 2020, Havenly, an interior design website, suffered a data breach. Approximately 1.4 million members' personal information was exposed. This data includes names, email, phone numbers, addresses and passwords stored as SHA-1 hashes. This information was shared on an online hacking community. 

28 UMBC accounts were affected by this breach. The victims have been notified via their UMBC emails and/or their alternate emails. If you have a Havenly account, please contact them to see if you have been affected by this breach.

More about Heavenly data breach:

https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/ 

If you have any questions or concerns email us: security@umbc.edu 

Information about this breach was provided to us by Have I Been Pwned(HIBP).

_____________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Need to set up a recovery email for your UMBC account?

Follow the instructions here: https://my3.my.umbc.edu/groups/itsecurity/posts/94776

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

In June 2020, a marketing video creator website, Promo, suffered a data breach. 22 million users' personal information was leaked on an online hacking forum. This data includes names, email, gender, IP addresses and passwords stored as SHA-256 hashes. This information was shared on an online hacking community. 

34 UMBC accounts were affected by this breach. The victims have been notified via their UMBC emails and/or their alternate emails. If you have a Promo account, please contact them to see if you have been affected by this breach. Also visit https://haveibeenpwned.com/ to see if you were involved in any other breach.

More about Promo data breach:

https://support.promo.com/en/articles/4276475-promo-data-breach-faq 

https://www.bleepingcomputer.com/news/security/promocom-discloses-data-breach-after-22m-user-records-leaked-online/#:~:text=Promo.com%2C%20an%20Israeli-based%20marketing%20video%20creation%20site%2C%20has,networks%20such%20as%20Facebook%2C%20Instagram%2C%20Twitter%2C%20and%20LinkedIn.

If you have any questions or concerns email us: security@umbc.edu 

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

_____________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Need to set up a recovery email for your UMBC account?

Follow the instructions here: https://my3.my.umbc.edu/groups/itsecurity/posts/94776

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

In June 2020, ProctorU, an online examination service, suffered a data breach. Over 444K user records were exposed and posted to an online hacking community. These records contain names, emails, physical addresses, phone numbers and passwords.

36UMBC accounts were affected by this breach. The victims have been notified via their UMBC emails and/or their alternate emails. If you have a ProctorU account, please contact them to see if you have been affected by this breach. To see if you were involved in any other breach visit: https://haveibeenpwned.com/.

More about ProctorU data breach:

https://www.smh.com.au/national/hackers-hit-university-online-exam-tool-20200806-p55j6h.html

https://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/

If you have any questions or concerns email us: security@umbc.edu 

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

_____________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Need to set up a recovery email for your UMBC account?

Follow the instructions here: https://my3.my.umbc.edu/groups/itsecurity/posts/94776

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

Malicious actors are using Covid-19 and current economic conditions to exploit victims with new phishing scams. The article linked below talks about two similar phishing scams. One scam claims to be giving the user a bonus while mimicking a Microsoft SharePoint notification. The other attempts to spoof a Microsoft Planner email notification. Both scams are trying to steal the user’s Microsoft login credentials. 

“Summer Bonus” Phishing Scam

The scammer sends an email that looks like a legitimate Microsoft SharePoint notification. The email offers what looks like a bonus for the month while also having an “open” button to display an explanatory file. An example of this email is shown below.

If the victim clicks on the “open” button they will be brought to a website that looks very similar to a Microsoft login page. A closer look reveals that this is not a link to a Microsoft login page but to an AppSpot site created by the scammers. Appspot.com is a cloud computing platform for developing and hosting web applications in Google-managed data centers.

If the victim enters their login credentials into the fake Microsoft login page, their account would be compromised.

Microsoft Planner Phishing Scam

Similar to the “Summer Bonus” scam, this Microsoft Planner Phishing Scam uses an email that tries to spoof a Microsoft Planner notification. As in the “Summer Bonus” scam, it has a button but this one says “Open in Microsoft Planner” and will take you to a fake Microsoft login page. An example of this email is shown below.

As with the previous scam, if the victim enters their login credentials into the fake Microsoft login page, their account would be compromised.

To avoid these scams, make sure the site you land on after clicking the button is really a Microsoft domain. If the site is a login for Microsoft then the URL should direct your browser to a legitimate Microsoft domain.

Even before clicking any buttons, look at the From address in the headers. The scammer’s display name makes it appear as if it belongs to the targeted company. The headers can show if the From email address itself is spoofed and who is actually sending the email to you. 

Always remember that if it feels “too good to be true”, then it is probably too good to be true. It is also good practice to check with a supervisor before responding to any unsolicited requests for credentials or logins that appear to come from your employer.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

The images and the original article can be found here. Please check it out for more information: 

https://www.area1security.com/blog/july-bonus-microsoft-spear-phishing/?utm_medium=email&utm_source=blast&utm_term=na&utm_content=na&utm_campaign=2020-Q3-Email-Blast-Spot-Campaign&mkt_tok=eyJpIjoiWVdKbE1HVXlOakkzWVRWaiIsInQiOiJFWnFFZVYxYXBuTFpcLytrc1hzNkFodUZ1XC9CbWRPcUROYmhMWlM0NisyZmo3K0cybFFyY0xmMnhYXC9lYUIzMit2UXZGYzFPTURmTSt2Z1cxRDkxOTladFUwVGl5Wmczd2FmZWFvSkRZZm9iN0FVZGh0TGs2b2FlazhaSFU0ZWhzbSJ9

To read more articles published by DoIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19