DoIT has been made aware of a problem with the dial-in feature in Webex Meetings. The symptom is that when joining a meeting through the phone that users will receive an error of “You have dialed a call in number that is not supported for this meeting”.


Our vendor, Cisco, is working on the problem now. As a work around, you may use the join audio by computer function which appears to be unaffected by the problem.

Updates will be posted as the problem is resolved. 

Ray Soellner

DoIT - UMBC

rays1@umbc.edu

410-455-3256

In June 2020,  Dave, a digital banking app, suffered a data breach. 7.5 million rows of data were leaked to the public on a hacking forum. The breach exposed individuals’ Personal Identifiable Information (PII) such as names, dates of birth, encrypted social security numbers and passwords.

UMBC’s Division of Information Technology (DoIT) has been notified that over 20 UMBC accounts might have been affected by this breach. 

The individuals who have been affected by the data breach were notified via their UMBC email and/or their alternate emails. If you do not have an alternate email listed on your UMBC account, we suggest that you create one, preferably different from your UMBC email account. 

To link an alternate email account to your UMBC account follow the instructions below:

1. Login to your myUMBC account: http://my.umbc.edu/account

2. Go to https://webadmin.umbc.edu/admin//Security/Setup/View

3. Click Account security setup

4. At the top of the page, enter your alternate email address

5. Scroll down to the bottom of the page and click Update my security settings

If you have a Dave account we suggest that you contact them to see if your information has been leaked. 

The data about Dave was provided to the breach notification service Have I Been Pwned (HIBP) by dehashed.com.

For more information on Dave data breach visit:

https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/

https://www.tomsguide.com/news/dave-data-breach 

If you have any questions or concerns email us: security@umbc.edu 

_________________________________________________________________________

Receive any suspicious emails?

According to an article at https://www.infosecurity-magazine.com,  Abnormal Security recently discovered a new phishing campaign using malicious emails from a legitimate SurveyMonkey domain. A malicious actor is using this legitimate domain because it allows them to bypass most security filters. 

Even though these emails are sent from the actual SurveyMonkey domain, the reply-to address is in a different domain. Within the email there is a hidden URL that appears as the text ‘Navigate to access statement’ with a message ‘Please do not forward this email as its survey link is unique to you.’”

Clicking on the link will redirect the user to a form asking for their Office 365 credentials such as email address and password. If the user’s information is entered into this malicious site, then the user’s account will be compromised.

The article states that the reason this attack is so effective is due to the use of a legitimate email sender, as well as concealing the malicious site URL and the description of the email being “unique” to every user.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.infosecurity-magazine.com/news/surveymonkey-phishers-office-365/

https://abnormalsecurity.com/blog/abnormal-attack-stories-phishing-through-surveymonkey/

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

A new wave of Spear-phishing emails hit roughly 300 UMBC inboxes this weekend. An example is shown below, with the From field altered and the To field removed for privacy. There is no body in this particular email.

From: Forged Name <name@gmail.com>

Date: Sat, Jul 25, 2020 at 9:26 AM

Subject: Send me your available text number?

To:

This malicious email uses the name of a UMBC staffer in an attempt to appear credible. However, the Gmail address, unnatural-sounding subject line, and lack of body content are all clear red flags. More generally, be wary of emails from unverified sources with any urgent but unexplained request. Similar emails that were reported previously were precursors to gift card scams.

The best way to avoid these scams is to simply not respond. Instead, report suspicious emails by forwarding them to security@umbc.edu. Include the full email headers by following the instructions athttps://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information on scams and phishing, please visit https://wiki.umbc.edu/pages/viewpage.action?pageId=36766495.

Jobs phishing Alert: Corestaff

During the past week, DOIT has received several notifications of phishing emails impersonating Corestaff. Below is a sample message that was sent to many UMBC students. The To field was removed for privacy purposes.

From: Corestaff Services <corestaffserviceshr@gmail.com>

Date: Wed, Jul 22, 2020 at 7:42 PM

Subject: JOB DESCRIPTION

Dear applicant,

Thanks for getting back to us with your interest in the job position, CORESTAFF SERVICES Inc® is a privately held company within Allegis Group, the largest private talent management firm in the world. Our long-standing history and industry-leading position speak to our success in providing the IT staffing solutions, IT services, and talent management insight required for our clients to actualize ROI and sustain a truly competitive advantage in a fast-changing market. We have established successful relationships with thousands of companies, government agencies, and small entrepreneurial firms across all industries. 

COMMITMENT: Our commitment to meeting our customers’ and consultants’ expectations is the foundation for building trust in our business relationships. Simply put, we foster an environment that demands integrity and accountability for results. To ensure our clients and consultants know exactly what they can expect from us, we make it our mission to hire smart, honest, and hardworking individuals who possess a great deal of pride in setting the bar high and keeping their word.

JOB DESCRIPTION: CORESTAFF SERVICES Inc® is seeking a production support analyst to support our client's production environment. This person will be responsible for analyzing, reporting, and ordering production supplies. This is a remote part-time job that does not deter you from doing any other. You just need a few hours of your time to do this weekly and you can have your own part of the work completed in t your leisure time in school or at home.

SALARY/WAGES: $300 Weekly.

The successful candidate will need to be able to: 

- Provide Quality communication etiquette skills and good organizational skills.

- Perform duties with accuracy, quality, and integrity.

We will always email you guidelines and instructions to follow in getting your job done perfectly as soon as you start working. if you care to proceed with the job offer, get back to us with the information listed below so we can process your information as to consider it valid to commence working with us.

NAME:

PHYSICAL CONTACT ADDRESS (PREFERRED MAILING ADDR)

CITY:

STATE:

ZIPCODE:

D.O.B:

GENDER:

MOBILE (Must be able to receive text): 

PERSONAL EMAIL:

CURRENT JOB:

We shall be contacting you as soon as we receive and validate this information.

Kind Regards,

Jasmine Orozco

HR Recruiting Dept.

Corestaff Services Inc®

From addresses of Corestaff impersonator emails that we have received are listed below

• Corestaff Services <corestaffserviceshr@gmail.com>

• CORESTAFF SERVICES Inc® <corestaff@consultant.com> 

 If you have received any message similar to the one listed above, DO NOT RESPOND. Please forward the message to  security@umbc.edu. Please attach the email headers, information on how to find the email headers can be found here: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

We have also received notification that students who have responded to this email have received checks. DO NOT DEPOSIT THE CHECKS, they are fake.

Students have also been asked for their Cash App, and other card information. DON’T SEND YOUR FINANCIAL INFORMATION. Listed below is a sample message from the impersonator asking for your financial information. For privacy purposes, the To field, and victim’s name have been removed.

From: CORESTAFF SERVICES Inc® <corestaff@consultant.com>

Date: Mon, Jul 27, 2020 at 11:54 AM

Subject: Further Information Required

Hello <VICTIM NAME> , 

I hope you are having a good day?

Our external financial institution is in the process of adding your information to the payroll system where they will be sending funds for you to complete your weekly tasks/orders and your ($300) weekly earnings via Cash-app simply because it is fast (lets you get paid early), safe and reliable and it can be used anywhere Visa is accepted, both online and in stores.

So, do you have Cash-app? Has it been verified? Do you have a cash-card too?

If yes, kindly send in the details below to make us proceed.

Account #

Routine #

If you don't have Cash-app, kindly set it up, verify it, and order a cash-card as soon as you can today. It's free/

I await your prompt response.

Devon Baynard 

Sr. Recruiting & Account Manager

Corestaff Services Inc®

 If you have received any message similar to the one listed above, DO NOT RESPOND. Please forward the message to  security@umbc.edu. Please attach the email headers, information on how to find the email headers can be found here: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

 By refusing to provide your financial information or depositing the checks, you might receive threats similar to the one listed below.

This threatening tone is often used by Scammers to strike fear into individuals which will often cause them to fall victim to scams. If you have received any threats, please send the screenshot to security@umbc.edu. 

More information on other job scams can be found here: https://itsecurity.umbc.edu/critical/?tag=notice

For more information on scams and phishing handling, please visit

https://wiki.umbc.edu/pages/viewpage.action?pageId=36766495 

For more information on how to spot a Scam, please visit

https://itsecurity.umbc.edu/critical/?id=94345

https://itsecurity.umbc.edu/critical/?id=93891

UMBC continues to receive phishing email campaigns from a malicious actor pretending to be from either Cisco or Corestaff. This phishing email has the goal of not only getting users personal information but also to try and get them to cash a fraudulent check. An example of the email can be seen below:

If the user responds to the initial message the malicious actor will then respond asking the user for more personal information like name, address, city, state, Zip code, date of birth, gender, phone number, personal email and current job. Which can be seen in the below:

If the user responds with their personal information the scammer will then inform the user that they have been accepted to the job, but due to Covid-19 they cannot do a one-on-one interview. They inform that a check will arrive with enough to cover your wage and your first task.

If you do receive this or a similar scam, please DO NOT respond any further. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Once you stop cooperating with the scam, you may receive a text message from the scammers.  It may look something like:

This is part of the scam and seems to be intended to scare you.  The real Cisco Systems doesn’t threaten legal action through text messaging and can afford to employ people who write grammatical sentences.

If you did receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Whether or not you responded to the scam, please forward the message (with the email headers) to security@umbc.edu.  We will also keep track of any other information you submit about the scammers, such as phone numbers if you get a text message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more tips on how to spot and avoid phishing scams:

https://itsecurity.umbc.edu/critical/?id=93891

https://itsecurity.umbc.edu/critical/?id=93743

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

A new wave of Spear-phishing emails hit roughly 300 UMBC inboxes this weekend. An example is shown below, with the From field altered and the To field removed for privacy. There is no body in this particular email.

From: Forged Name <name@gmail.com>

Date: Sat, Jul 25, 2020 at 9:26 AM

Subject: Send me your available text number?

To:

This malicious email uses the name of a UMBC staffer in an attempt to appear credible. However, the Gmail address, unnatural-sounding subject line, and lack of body content are all clear red flags. More generally, be wary of emails from unverified sources with any urgent but unexplained request. Similar emails that were reported previously were precursors to gift card scams.

The best way to avoid these scams is to simply not respond. Instead, report suspicious emails by forwarding them to security@umbc.edu. Include the full email headers by following the instructions athttps://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information on scams and phishing, please visit https://wiki.umbc.edu/pages/viewpage.action?pageId=36766495.