The Division of Information Technology (DoIT) has been notified that a scammer is sending out phishing emails claiming to offer an interim personal assistant job available. The offer is a fake.  Below is an example of this scam.

In the example above it can be seen that the email is sent from <DJ2205831@pusdk12.org> and has the subject “University of maryland, baltimore county apply for spring winter p/t jobs work from school/home offer for students 2021”. The phishing email itself is claiming to offer students a job as the scammer’s interim personal assistant. The scammer is asking that applicants respond by emailing their personal information.  If you have received this email please do not respond.

Please note that in the phishing email above the scammer states that they can not give an interview.  This is a red flag as most jobs would want some sort of interview or meeting process or at least a telephone call  before hiring anyone. Another red flag is that the email uses words like “high important that you reply,” this gives the user a sense of urgency which can be a sign of phishing and job scam emails.

Of course, the terrible grammar and punctuation are not what you would expect from a professor of medicine, either.  It is also odd that the message asks the applicant to respond to boseannette85@gmail.com when the message itself came from a different address, DJ2205831@pusdk12.org.

Always be alert for inconsistencies, especially when contacted unexpectedly, especially when contacted by strangers, and most especially when money is involved.

What to do now?

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

Expect to see and/or hear about fake vaccine scams in the coming weeks.  The scams will differ in intent.  Some will encourage you to use your credit card or bank account to send the scammers money in order to assure vaccination quickly.  Others may simply ask you to fill out an online form with lots of personal information.  Some may even offer you a work-from-home job calling people about vaccination.  Whatever the scam is, the COVID-19 vaccine will be the bait.

From the FBI

Special Agent in Charge Timothy Thibault recently told ABC News:

"What we would say to the public is to be leery of and be on guard for scams related to telemarketing, malicious websites or emails where people are taking advantage of the initial supply-and-demand problem"

From the Department of Health and Human Services (DHHS)

The DHHS Office of Inspector General issued an alert earlier this month warning:

• Be vigilant and protect yourself from potential fraud concerning COVID-19 vaccines. You will not be asked for money to enhance your ranking for vaccine eligibility. Government and State officials will not call you to obtain personal information in order to receive the vaccine, and you will not be solicited door to door to receive the vaccine.

• Beneficiaries should be cautious of unsolicited requests for their personal, medical, and financial information. Medicare will not call beneficiaries to offer COVID-19 related products, services, or benefit review.

• Do not respond to, or open hyperlinks in, text messages about COVID-19 from unknown individuals.

• Be aware of scammers pretending to be COVID-19 contact tracers. Legitimate contact tracers will never ask for your Medicare number, financial information, or attempt to set up a COVID-19 test for you and collect payment information for the test.

• If you suspect COVID-19 health care fraud,report it immediately online or call 800-HHS-TIPS (800-447-8477).

Spotting Scams

There are two important components to any scam.  First, the scammer must offer to provide you with something you very much want, or to prevent something you very much don’t want.  Second, the scammer will create a sense of urgency to discourage you from doing any background check or even from thinking too hard about the offer.

If you receive email, phone calls, text messages, or anything else that appeals to your hopes and fears and tries to create a sense of urgency, be suspicious.  The more urgent it seems, the more you need to check out the source.

For more information about spotting potential COVID-19 scams, please visit:

• https://scamspotter.org

• https://www.washingtonpost.com/business/2020/12/14/covid-19-vaccine-scams

• https://my3.my.umbc.edu/groups/itsecurity/posts/98136

If you do receive any email that you suspect is a scam, please do not even click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. If you are a member of the UMBC community, please forward the message (with the email headers - see here for instructions)) to security@umbc.edu. 

References and Links to More Information

• https://abcnews.go.com/US/fbi-warns-covid-19-vaccine-scams/story?id=74631650

• https://oig.hhs.gov/coronavirus/fraud-alert-covid19.asp

• https://www.washingtonpost.com/business/2020/12/14/covid-19-vaccine-scams/

• https://www.aarp.org/money/scams-fraud/info-2020/coronavirus-vaccine-scams.html

• https://www.fda.gov/consumers/consumer-updates/beware-fraudulent-coronavirus-tests-vaccines-and-treatments

The article linked below lists a few tips on how to identify phishing scams in your daily life or while you are working. Here is a short list of some clues to help identify phishing emails.

• The email address does not match business name or location. With many phishing emails if you look closely at the FROM address, you might notice misspelling  or even something that doesn’t match the organization at all. One type that has been seen at UMBC are scammers having an email that ends with <.umbc@gmail.com> to try and trick users into thinking it is from a UMBC source.

• A sense of urgency. Many phishing emails will have a sense of urgency that are created to distract the user from the emails true intentions. The idea is that the victim is too preoccupied with getting the action completed to see that it is a false request.

• Uncommon request from someone within the organization. Is this email coming from someone you do not normally work with? Would they normally be asking you to help complete this task or project? 

• Poor grammar and spelling. Many times the true sign of a suspicious email are common words being misspelled. There could also be capitalizations in almost random spots of a sentence and the spacing between words might be off.

Phishing scams are not the only tactics that are used by malicious actors. Many are impersonating or creating fake charities and using social media to further expand their campaign. Twitter has been seeing many of the “send me $1 and I will send you $2” scams as well as an increase in scams promoting bitcoins.

With charities, malicious actors are creating seemingly wholesome and thorough charity websites or social media profiles to target those who want to help. These scams often come as telemarketers or prompted phone calls. If you would like to give to an organization please do your research before giving any personal or financial information.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

For more information, please check out: 

https://securityboulevard.com/2020/08/identifying-covid-19-phishing-scams/

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

How It Works

Not all job scams are identical, but those we have seen follow the general pattern described here.

You may see scams arrive as text messages, email, or in almost any other form possible.  The messages are all similar.  You are told that the sender has some association with your school and that you have been selected to apply for a work-from-home position.  You are asked to contact the sender and/or go to a website to provide personal information, including name, address, phone number, email address, and possibly Social Security Number.  Some scammers go to considerable effort to appear legitimate.  They may have set up a website.  They may even use the names of real people from real companies. One very through scam earlier this year took names and photos from the website of a real company and used it to set up their own website.

Once you have accepted the position, you will be provided with either a check or a picture of a check to print out and be directed to deposit it into your checking account.  At the same time, for whatever reason, you will be told to transfer some of your own money (check, wire transfer, etc.) to someone else.  For instance, if the check you get is for $1000.00, you may be told to deposit it and immediately send $700.00 to someone else, keeping the remaining $300.00 as your payment for the work.  The check for $1000.00 turns out to be a fake and is rejected by your bank.  You have just lost$700.00.  The scammer you have been working for will stop responding.  Any contact information you have will no longer be valid.  

Some Examples

E-mail message

What to do

If you do receive anything like the offers above, even if you are not sure, , please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers - see link below) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers if you receive a text message from the scammer.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

Recently DoIT was notified of a job scam email campaign from a compromised UMBC email account. The email has the subject line “WorkStudy!” and is presenting a fake job offer to the user. Below is an example of the job scam email, with the name and email of the From and To removed for privacy reasons.

Please note that the email is coming from a compromised UMBC account but the reply-to in the headers is set to <careerjobsdepartment@outlook.com>. This means that if the user responds to the email they would not be responding to the UMBC email but instead the scammer directly at <careerjobsdepartment@outlook.com>.

If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

Below is an example of a scam email that has recently been reported to DoIT. The email below the scammer tries to impersonate a member of the UMBC by setting the From email name to that of a UMBC email user. The name has been removed for privacy reasons. 

This recent phishing attempt has the scammer trying to impersonate a member of the UMBC. These emails are a bit more personalized with the scammer saying “Hello <Users Name>” as well as having the impersonated name at the bottom of the email in the email’s signature.

This email does show some red flags of being a phishing email. First, the email itself is coming from a Gmail account and not a UMBC email account. Second, the email itself has a sense of urgency, urging the user to respond at the “earliest opportunity.”

If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

DoIT has recently been notified of a job scam coming from a compromised UMBC email account, below is an example of that message that was being sent. The subject line of the job scam email is “_Available.” The name and email address of the From and To users were removed for privacy reasons.

Please note that the email above is coming from a UMBC email account, but within the email headers it shows that the reply-to is set to a <charlenabolinlyco21@gmail.com>. This means that if the user tries to respond to this email they would not be emailing the compromised UMBC account but instead the scammer directly at <charlenabolinlyco21@gmail.com>.

If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

Tracking Code Scam

The Better Business Bureau warns of a scam where malicious actors aim to deceive online shoppers into paying for goods that do not actually exist. This is done by the scammers creating fake websites that are selling products with great deals, usually selling brand named goods at a significant discount.

If the user decides to take a chance and make the purchase, the site is said to instruct the user to pay through PayPal. After checkout the user will receive a tracking number from UPS, FedEx, or another shipping service. After awhile if the user checks the package is said to be delivered but to the wrong address.

If the user tries to contact the website they will learn that the site is either unresponsive or unhelpful. Some cases, the site does not even provide contact information and in others they just do not respond to any emails or calls.

Some of the victims of this scam reported filing a claim with PayPal for their money back but because the scammer technically shipped the package and the tracking number marked it as delivered, PayPal was rejecting their claims.

The articles linked below gives some tips on spotting Package Delivery Scams and other online shopping related scams:

• Before paying, know your rights and responsibilities. In any type of scam, scammers might try to take advantage of what consumers do not know when it comes to processing payment. Do not make a purchase from any seller that seems suspicious and do not assume that you’ll be protected no matter what.

• Before buying online, confirm the site has real contact information. Make sure the seller has a working phone number and address on the website, so you can contact them in case of a problem.

• If the price seems too good to be true, then it probably is. Be wary if the item is selling for significantly lower than what you have seen elsewhere.

• Make sure you know who you are dealing with, they advise you check the spelling and the domain names. As well as to google the website to see if the website has had any complaints.

• Scam websites usually have poor grammar and spelling, a lack of information, and capital letters in the middle of sentences.

• Make sure the website is using https:// as a trusted website will have a secure domain so that your information is safe. Make sure to also check the address bar for a “not secure” message as that is another red flag.

• Check for the website's privacy policy to understand what personal information is being requested. If there isn’t a privacy policy that is a red flag.

• Research the business first to make sure it is legitimate before giving them any of your personal and/or financial information.

For more information, please check out: 

https://www.bbb.org/article/scams/21097-scam-alert-tracking-code-trick-costs-online-shoppers

https://www.bbb.org/article/news-releases/22474-bbb-warning-be-careful-purchasing-from-unknown-websites-during-covid-19

https://www.bbb.org/article/tips/14040-bbb-tip-smart-shopping-online

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

A phishing attack urging users to download undelivered emails was reported to DoIT Security this week. Here is an example of the malicious message.

From: "umbc.edu System Administrator" <admin@secureserver.net>

Subject: You have 4 undelivered emails. Download them now

Date: 03 Sep 2020 14:40:40 +0800

Undelivered Mail Notification

Email account: (redacted)@umbc.edu

Time of error 9/3/2020 2:40:40 p.m.

Due to a recent configuration error, some of your emails have not been properly synchronized with your mailbox. Login below to clear this error and download your mails.

Download your emails

If you do not retrieve your undelivered emails now, they may be lost forever.

umbc.edu Email Server

The link to “download” undelivered emails leads to a website which prompts users to enter their UMBC credentials, potentially giving malicious actors access to victims’ UMBC accounts.

Notice the warning signs in this email. First, check the sender address, and notice that the supposed "umbc.edu System Administrator" is not using a umbc.edu address. Next, check the time and time zone of the message. The time zone UTC+0800 is used in China and parts of Australia and Russia, for example, but not anywhere that a legitimate email about your UMBC account would likely originate. Finally, be wary of unexpected emails requiring immediate action. Malicious actors try to induce panic to make victims act before thinking about the risks.

See a similar email reported at the University of North Carolina at Chapel Hill:

https://its.unc.edu/phish-alert/you-have-9-pending-emails-download-them-now/

If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19