Yesterday morning, between 8:45am and 10:00am, several UMBC users received DocuSign messages offering access to a document called “News Update.pdf” with a button labeled “View Document Now”.  

The From address of the email “dse_docusign2@docusign.umbc.edu” was forged.  This message did not originate from the UMBC’s DocuSign system.  It is, however, an unusually good design for a phishing attack.

In the current work climate, it is easy to overlook unusual features of messages we get in our UMBC email inboxes.  We are also using tools, like Docusign, more than ever. There are people who will try to take advantage of that. While the source of this message is currently under investigation, DoIT wanted to share some of the key features of this message that raise suspicions about its origin.

Example of Malicious DocuSign Forgery:

In the example above there are some tell-tale signs that should raise suspicions.  

• The message begins with the salutation “DocuSign,” and is from “The DocuSign Team”.  They seem to be addressing themselves.

• There is no “DocuSign Team”.  DocuSign notifications are from UMBC staff.

• The From: header in the upper left says “dse_docusign2@docusign.umbc.edu”.  In an actual docusign message, that header would be something like “Andy Johnston via DocuSign <dse_na2@docusign.net>”

• DocuSign message subjects normally start with the words “Please DocuSign”.  This one does not.

• The point of DocuSign is to be able to verify, by signing, that you have received a document.  There is no reason to do that for a news update. UMBC News is sent out in regular email messages.

Did You Click on the Button?

If you are one of the people who got this message and clicked on the button, you should have gotten this message:

Keeping your classroom on topic and safe from trolling shouldn't be something you have to worry about when teaching. Unfortunately, misbehavior can and does happen. These tips should help you keep your class on track and safe from disruption when using Collaborate or Webex for live, remote instruction. (Many of these tips are applicable to business meetings.)

• Avoid sharing your guest link via email or social media. The guest link allows anyone to access a meeting so if a stranger clicks the link, that person can also join. 

• Collaborate: Tell students to use the Course Room link or specific session that's available in the Blackboard course unless you have no other means to get the link to them. Do not share the guest link. The Collaborate link is associated with your student usernames for tracking attendance while the guest link lets students enter any name and share the link with other people. Do not share the guest link with students!

• Webex: Limit the use of your personal meeting room for class or large meetings by generating a new session link per meeting through the Google Calendar integration. A passcode is automatically added for extra security. This link cannot be shared since it is uniquely coded to each invited person.

• If you do have a disruptive participant in the session, you can remove that person.

• Collaborate: Remove Attendees

• Webex: Expel a Participant

• Take note of the default settings participants have to share their screen. Unlike Zoom, both Collaborate and Webex do not allow participants to share by default.

• Collaborate: Only moderators and presenters can share their screens. Participants must be promoted to presenter to share their screen with the room.

• Webex: Default settings in Webex prevent attendees from sharing their screen unless the host allows. To allow an attendee to share their screen, right click on the attendee and select Make Presenter.

• Chat, voice, and webcam functionality IS available by default to participants. Collaborate and Webex handle these settings differently.

• Collaborate: You can disable these functions by default through the Session Settings before or during a live meeting. Ask students to raise their hands in the session if they want to speak and then promote them to presenter. Once they are finished, you can demote them back to participants.

• Webex: You can control the permissions your attendees have when scheduling the meeting via the web. Under Attendee Privileges, default settings allow attendees to view participants, request remote control, and participate in private chats with presenters, hosts, and other participants. Once in the meeting, the host has the power to mute other participants or disable individual video feeds.

• Turn off private chat. 

• Collaborate: This setting must be disabled in Collaborate BEFORE the live session. Turning it off prevents someone from messaging another participant during the live session.

• Webex: By default, chat is enabled. When scheduling the meeting via the web, you can disable chat through Advanced Options. The meeting options allow you to disable public chat while attendee privileges allow you to turn off private chat.

• Don’t use Zoom: It’s not licensed or supported by UMBC.

Additionally, you and your class may want to observe some general tips for presenting and attending in a live session:

• Establish expectations early. Review any netiquette guidelines with your students.

• Remind students to check their microphone buttons in the session. When participants do not need to talk, they should turn their microphones OFF.

• Be patient during a live session, especially if your class is large. A co-moderator is essential to manage large numbers. Tell students to raise their hands if they have a question or use chat. Some instructors have students use private chat to ask a moderator a question directly.

• Remind students that their peers and/or instructor are also working from home and they may have children in the same space. Let your audience know if content will be sensitive, especially if you think minors may be in the background. 

• Anyone who is asked to share video should check the background area to avoid inappropriate content within view.

• Be aware of ambient noise (televisions, barking dogs, flushing toilets, doorbells). If someone is speaking, make sure people in the space around know not to interrupt.

As always, if you have any questions, please consider the following options:

• Check our extensive FAQ collection 

• Open a ticket via RT

• Follow the Instructional Technology & DoIT myUMBC groups

The South Florida Sun-Sentinel reports a warning from the Florida Attorney General about recent COVID-19 scams.  In one case, ”a 90-year-old woman was asked for her Medicare number so she could receive a free COVID-19 testing kit”.  In another, people received unsolicited text messages asking them to click a link for a $1000 support payment. See the following news article for details: COVID-19 scams prompt statewide warnings

If you receive an unsolicited call, email message, or text message asking for personal information or making an offer that is too good to be true, don't respond. Contact the organization making the request or offer directly and make sure the request or offer is valid.

Please report all scams to security@umbc.edu.