Blackboard course shells for FA2020 were created on July 27, 2020.

NOTE: In recognition of the COVID-19 pandemic and ongoing social distancing practices, UMBC’s fall session will mostly be online with some exceptions. Please review the Fall 2020 Course Information and these resources to prepare:

About FA2020 Course Shells

Course development shells were created for faculty to prepare earlier this summer. Content can be copied from those development shells into the production sites where student enrollments are populated.

The Ultra Course Preview setting is again enabled in FA2020 courses to allow faculty adoption with anupdated support schedule of Ultra (see prior announcement). The Ultra Course Preview tool allows faculty to convert an existing Original course and see what it looks like in Ultra. 

Ally, an accessibility tool, is also enabled in all course shells as of last summer. Ally automatically scans uploaded and created course content, then performs a series of steps to make that content more accessible. Please review the Ally FAQs for more information about the accessibility indicators on course content and alternative formats.

• If you are an instructor, and your name is not associated with the course you are teaching in the SOC, please see your Departmental Scheduling Coordinator to resolve the issue. Once you are listed in the SOC, your Bb course shell will be created automatically. 
• If you and your Department Scheduling Coordinator believe you are correctly assigned as the instructor of record in the SOC and you do not see your course shell in Blackboard, please submit a Request Tracker (RT) ticket via my.umbc.edu/help.
• If you need a Bb shell for a research or independent study course, please submit a new course request.

Instructors who teach multiple sections of the same course will find those enrollments merged into one Bb course shell. These sections may be split upon request by an RT ticket, which we recommend submitting at least one week before the semester starts, if not as soon as courses are created in Blackboard.

Student enrollment in Bb mirrors the official registration in SA and updates hourly. However, courses are not accessible to students by default until the instructor of record makes them available.

As always, if you have any questions, please consider the following options:

• Academic Continuity | Keep On Teaching | Student Technology Resources
• Check our extensive FAQ collection 
• Open a ticket via RT
• Follow the Instructional Technology & DoIT myUMBC groups
• Sign up for a webinar & other training 
• Request a consult with instructional technology staff

Abnormal Security recently found a Zoom-themed phishing campaign. This campaign is using fake Zoom alerts to steal Microsoft 356 credentials. With the boom in teleworking, workers at many organizations are using products like Zoom.  This has created an opportunity for malicious actors to create phishing campaigns that capitalize on this.

A malicious campaign is sending out emails claiming to be legitimate Zoom notifications and spoofing the actual Zoom email address. The email claims that the user will not be able to use the platform until they click on the embedded link to reactivate their account.

On clicking the link, the user is taken to a fake Office 365 login page. Entering any information into this login will not reactivate any account. It will instead give the username and password entered to the malicious actors.

The article also states that they have seen malicious actors spoof messages from not only Zoom but of WebEx as well. These campaigns are designed to steal credentials or even to

distribute malware.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out:
https://www.bankinfosecurity.com/zoom-themed-phishing-campaign-targets-office-365-credentials-a-14600

As part of our ongoing commitment to security, the Unix Infrastructure group will be conducting its quarterly system patching on Friday, August 14th and Saturday, August 15th.  While many of the systems will be patched without any service disruption, there are some systems which require the downtime of key services.  The schedule below outlines which key services will be offline and for how long.

Friday, 08/14/2020 between 4pm and 10pm (most systems will only be down for a short period during this time): 

• Between 4pm and 5:30pm only: LDAP-Master and Webadmin will be taken down for system maintenance.  During this time account creations and password changes will be unavailable.  Account authentication and logins will not be affected.
• Access to Cyrus and UMBC Webmail (accounts not migrated to UMBC Gmail)
• All mail will be queued up and delivered after the server is patched
• All HFS (afs) servers - gl.umbc.edu home directories will be offline
• Between 9:15pm and 10pm only: Certain software licenses will be unavailable (autodesk, cadence, idl, schrodinger, xilinx, mathematica). 
• Between 9:15pm and 10pm only: The web hosting environments (virthost) will be partially unavailable (pages will be available but any database calls will not work)

Saturday, 08/15/2020 between 9am and 11am(most systems will only be down for a short period during this time):

• myUMBC lite page will be up resulting in reduced myUMBC functionality
• Wiki will be unavailable
• The sites (wordpress) web hosting environment will be unreachable

Please let us know if you have any concerns or questions.

Thanks!

Tim Champ

Manager of Unix Infrastructure

UMBC DoIT

During the past week, DOIT has received notifications of several phishing emails. Below is a sample of a Phishing message that over 600 UMBC students have received. For privacy purposes the To field was removed.

From: Summer Woodforest <summerwoodforest@gmail.com> 

Date: Tue, Jul 21, 2020 at 8:30 AM

Subject: CORNERSTONE JOB OFFER.

Dear student,

   We got your contact through your school database and I'm happy to inform you that our reputable company Cornerstone® is currently running a student empowerment program. This program is completely school oriented as it has been designed not to deter you from all school activities which is priority for you and this organisation. This program is to help loyal and hardworking students like you secure a part time job with an attractive weekly salary.

TO PROCEED WITH THIS JOB OFFER, KINDLY REPLY TO THIS MAIL WITH YOUR ALTERNATE E-MAIL ADDRESS IN ORDER TO RECEIVE THE FULL JOB DESCRIPTION.

Best Regards,

Summer Wood,

HR Recruit Manager/Consultant

Cornerstone®,

Staffing-Solutions

Similar phishing emails were received from the following addresses listed below: 

• Gavan Ryan <ryangavan724@gmail.com>

• Clerk Trevor <clerktrevor@gmail.com> 

If you have received any message similar to the one listed above, please forward the message to security@umbc.edu.  Please attach the email headers, information on how to find the email headers can be found here: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

DO NOT RESPOND to this email, if you have done so already please contact us immediately at security@umbc.edu. 

For more information on scams and phishing handling, please visit https://wiki.umbc.edu/pages/viewpage.action?pageId=36766495

To read more articles published by DOIT visit: https://itsecurity.umbc.edu/critical/?tag=notice

Fake Covid-19 Fund Scam

The FTC posted an article warning of a phishing scam that they recently discovered. In this scam, the malicious actor is sending email claiming to be from the FTC and saying that users could get money from a Covid-19 “Global Empowerment Fund.” All that is required of the user is to respond with their bank account information.

This email is a scam.  It is not from the FTC, there is no money and there is no fund. The FTC says that they will never contact you by phone, email, text message, or by social media to ask for financial information, this includes your social security number. They also state that any stimulus checks will be from the IRS , not the FTC.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.consumer.ftc.gov/blog/2020/06/fake-emails-about-fake-money-fake-covid-19-fund

With COVID-19 and associated restrictions remaining prevalent, many malicious actors have used the opportunity to update their phishing email campaigns. The article linked below explains some of the ways malicious actors try and trick people into giving up their information or even into installing malware.

The article states that many of the emails will use subject lines like coronavirus, work reopening, rescheduled meetings, stimulus payments, and new vacation policies. Malicious actors also craft themed emails to look like popular social media sites like Facebook and LinkedIn.

For LinkedIn they noticed subject lines "You appeared in new searches this week," "People are looking at your LinkedIn profile," "Please add me to your LinkedIn Network," and "LinkedIn Password Reset."

 Facebook sees phishing emails using subject lines like "Your Friend Tagged a Photo of You" and "Your friend tagged you in photos on Facebook." Phishing campaigns from Twitter were said to try and entice people with subject lines similar to "Someone has sent you a Direct Message on Twitter."

Other subjects included "A login alert for Chrome on Motorola Moto X," "New voice message at 1:23AM," and "55th Anniversary and Free Pizza". The article also describes some general subjects to look out for:

• Password Check Required Immediately

• Vacation Policy Update

• Branch/Corporate Reopening Schedule

• COVID-19 Awareness

• Coronavirus Stimulus Checks

• List of Rescheduled Meetings Due to COVID-19

• Confidential Information on COVID-19

• COVID-19 - Now airborne, Increased community transmission

• Fedex Tracking

• Your meeting attendees are waiting
  
  

According to the article, the most common subject lines within phishing emails found “in-the-wild” in the last quarter were:

• Microsoft: Abnormal log in activity on Microsoft account

• Chase: Stimulus Funds

• HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines

• Zoom: Restriction Notice Alert

• Jira: [JIRA] A task was assigned to you

• HR: Vacation Policy Update

• Ring: Karen has shared a Ring Video with you

• Workplace: [company_name] invited you to use Workplace

• IT: ATTENTION: Security Violation

• Earn money working from home
  
  

At UMBC some of the most common subject lines for phishing emails seen recently have been “UMBC JOB OPPORTUNITY”, “CORNERSTONE STUDENT JOB OFFER”, “CORNERSTONE JOB OFFER”, “UMBC COVID-19 INFORMATION”, “UMBC COVID-19 PART TIME JOB OFFER” and “WORK FROM HOME.”

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.techrepublic.com/article/watch-out-for-these-subject-lines-in-email-phishing-attacks/

The email below is an example of a recent job scam phishing email that has been going around campus. This email, like many other job scam emails, tries to trick users into giving up their personal information like the users address, phone number, and personal email address.

If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

Smishing scams are a type of phishing scam which occurs when a malicious actor sends text messages or direct messages. They follow a similar pattern of acting as if they were from a trusted source like banks, government agencies, or even friends and family, trying to trick users into clicking a malicious link or possibly giving personal and financial information.

In recent years smishing attacks have started to become more numerous and sophisticated. Just like with phishing attacks, smishing also spikes during a crisis like COVID-19. These attacks are designed to exploit the public’s fears and anxieties, making their victims an easier target.

According to the article below, many more adults and children will open a text message or direct message on average compared to an email. Malicious actors can also automate the sending of text and direct messages to thousands or even millions of phone numbers and, unlike emails, there is no viable way for a user to block or flag suspicious messages.

These scams are similar to other phishing scams. They will still instruct the user to perform actions that could be harmful. Some of these actions might include: 

• Replying to the text or direct message with personal or financial information.

• Clicking a link that downloads malicious files or directs them to a website designed to gain the users personal or financial information.

• Asking the user to call a ‘customer service’ number.

• Asking the user to wire money to the malicious actors.
  
  

Tips on how to spot and avoid smishing attacks:

• Do not click on a link or call a number from an unknown number.

• Do not submit personal information to an unknown number.

• If possible try to verify the authenticity of the message by finding the sender’s website and official contact details online. For example if a message is claiming to be from your bank, check the bank's website to find the real contact information.

• If it looks too good to be true, it probably is too good to be true.

• Delete all suspicious texts.

• If the sender has a ‘5000’ number, the message was sent via email and could be malicious.

• If the sender is anything other than a cell phone number, the message may have been sent via email and could be malicious.

• Block unknown numbers if possible.

For more information, please check out: 

https://portswigger.net/daily-swig/what-is-smishing-how-to-protect-against-text-message-phishing-scams