As of September 15, 2021, users of some online National Institutes of Health (NIH) services require Duo multi-factor authentication. Initially, this requirement applies to all users of electronic Research Administration (eRA) modules. We expect other NIH applications to adopt these requirements in the months to come. This change provides an increase to the security of personal and confidential information provided in NIH’s systems. 

All UMBC faculty and staff have been enrolled in Duo; however, we are now optionally making Duo available to all undergraduate and graduate students. If you are a user of one of these services, and have not yet enrolled in Duo, you’ll be prompted to do so when attempting to access a service that requires multi-factor authentication. If you, or your graduate or undergraduate students, would like to enroll ahead of time, you may do so here. 

For more information on  using Duo with your UMBC account, please consult the FAQ archive.

The Division of Information Technology( DOIT) recently received reports of a ‘file transfer’ phishing campaign. Below is an example of this phishing email. We removed the To field for privacy purposes.

This example originated from <offices@mekre-net.uno>; however, there are several more senders: 

• <noreply@wetransfer.com>

• <revor@secaipl.club>

• <pombhurna.de@mahapwd.com>

If you receive a similar email, please forward it immediately to: security@umbc.edu along with the headers.

At first glance, the download link seems to originate from Wetransfer.com, however if you look closely, there is a comma between Wetransfer and com: 

Another flaw in the link is that copying the link address will take you to a completely different domain, https://firebasestorage.googleapis.com. Below is the full link and its website.

This format is similar to a previous phishing email. However, the background is different, and the link takes you directly to https://firebasestorage.googleapis.com and asks you to log in.

If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE your password.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

There are some new features in VoiceThread Assignments! 

New features were added to VoiceThread Assignments at the end of September and we would like to share them with faculty. These features enhance the functionality of VoiceThread Assignments to allow increased flexibility for submissions, due dates, and commenting. New features are available in Blackboard now and as you create new assignments.

Separate close and due dates + late submissions

When building an assignment, you can now set both a due date and a close date. This enables you to continue making the assignment available to students even after the due date passes. It will only become unavailable after the close date.

Additionally, students can submit after the due date has passed, and their submissions will be marked as "Late" on your grading page so you can decide whether to deduct any credit for missing the due date.

Replying to comments after submitting

After students submit a commenting assignment, you might want them to go back and reply to classmates to keep the conversation going. Now they can use the threaded reply option to continue the conversation even if they've submitted and received a grade. The image below illustrates how a student can make a reply comment even after submitting successfully.

Slide requirements

Create and comment assignments can require students to add a specific number of slides before they can submit. Set this requirement in the same place you set a required number of comments.

New location for importing from other VoiceThreads

Previously the option for importing slides from other VoiceThreads was inside the Media Sources option. Now it is available right on the main slide import page to make it easier to find and faster to use.

Other recent updates

Just in case you missed these other great updates from the last couple of months, these have also been added since June:

• Hands-off course copying: If you use a learning management system that supports automatic copying of LTI-integrated links, all of your student submissions and comments will be removed from your assignments automatically each time you copy the course to re-use it.
• Watch assignment feedback: If students are completing a "Watch a VoiceThread" assignment, they can access a detailed list of which slides or comments they haven't yet viewed or listened to completely.
• Caption editing: You can now edit closed captions in the Assignment Builder and in the student view. Note that you can't do this in the grader yet, but that's coming soon.
  Bonus: This means you can create and edit closed captions in VT Universal now, too!
• Maximum comment requirement: Rather than setting only a minimum or exact number of comments required on a VoiceThread, you can set a maximum number of comments students can record.
• Selecting comments to include: When building a commenting or watch assignment and selecting a VoiceThread you've already created, you can also choose which comments you want to include in this fresh instance.

In September 2021, Thai-based English language teaching website, Ajarn, learnt that they suffered a data breach back in September 2018. This breach contained data for approximately 266 thousand Ajarn customers. The information included email addresses, names, genders, phone numbers, dates of birth, education levels, genders, geographic locations, job applications, marital statuses, nationalities, passwords, and profile photos. No financial information was leaked.

Two UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have an Ajarn account, please contact them to see if you have been affected by this breach.

To see if you were involved in any other breach, visit: https://haveibeenpwned.com/.

More about Ajarn data breach:

https://www.ajarn.com/data-breach

If you have any questions or concerns, email us at: security@umbc.edu.

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Normally, these posts warn of various types of fraud and misdirection that try to mislead victims into giving up personal information and/or money.  The Division of Information Technology (DoIT) encourages and appreciates vigilance and caution among members of the UMBC community.

That said, there are occasions when messages are sent out to account holders asking them to click on a link or fill in a form are legitimate.  DoIT received a report about a message that appears to be a legitimate request to participate in a survey about intercultural development at UMBC.  After investigation, we have established that the message is exactly that!  If you receive such a message (see excerpt below), please feel free to respond.  The survey is overseen by Dr. Irina Golubeva and Dr. Jasmine A. Lee of the Division of Students Affairs.

We appreciate your mindfulness and ask you to continue taking care in the future.  E-mail and text message scams surged at the start of the COVID-19 lockdown and show no sign of abating.  As always, if you have a question about the validity of any message you receive at your UMBC email address, please contact us at security@umbc.edu.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

_________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently, the Division of Information Technology(DOIT) received multiple reports of a job phishing email. The scammers sending these emails are impersonating Professor Cheah of the Department of Psychology. Below is an example of such an email. For privacy purposes, we removed the To field.

Please note that the Psychology Department or Professor Cheah did not send this message. Three visible red flags in this email are:

1. The From address is not a UMBC email. If the Psychology Department or Prof. Cheah were sending this email, the From address would have been a UMBC email address. However, it was sent from <timothyj.sloan2@gmail.com>, which is not a UMBC affiliate. Please note that it could have been spoofed, even if it appears to originate from a UMBC email. Therefore, always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a completely different email when you see a conflict in the address.

2. Whatsapp number.  A lot of scammers will ask for your WhatsApp number. If their number gets reported, they could easily create a new one. The same can be said for an email address; however, if their email is blocked, they will lose responses from other phishing email recipients. If you ever receive a job offer asking for a WhatsApp number or a phone number in general,  BE SUSPICIOUS!

3. The email template. This template is very common. After a quick Google search, we found three Job scams articles with the same template. So if you are ever in doubt, Google it! UMBC will not use a known phishing template to offer you a job opportunity.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

The Division of Information Technology( DoIT) recently received reports about an “account upgrade” phishing email. Below is an example of such an email. We removed the recipient’s information for privacy reasons.

This email was spoofed to impersonate <noreply@umbc.edu>; however, after investigating the headers, we realised it originated from <raaympex@yandex.com>. By clicking the upgrade button, it will redirect you to a website that looks similar to umbc.edu. Afterwards, you will  receive a pop-up saying, “your session expired.” See below.

The background is umbc.edu, but the pop-up is from a completely different website, <https://firebasestorage.googleapis.com>.  The link in the email is similar to the one listed below. The only difference is that your campus ID  will change depending on the recipients.

https://firebasestorage.googleapis.com/v0/b/updates-efda3.appspot.com/o/domain%2Findex.html?alt=media&token=0e92d80b-425e-4147-91e7-8d67820f6e7b#<CampusID>@umbc.edu

If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediately change your password.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.