Dear UMBC Community,

DoIT has recently been made aware of a new phishing campaign through Google Calendar. In this scheme, attackers send fraudulent calendar invites that automatically appear on your calendar. These invites often contain messages about fake cryptocurrency invoices and attempt to trick you into clicking links or calling a phone number.

Examples of these malicious invites are included below for your reference.

If you see a suspicious item on your calendar:

• Do not click on any links, open any attachments or call any phone numbers

• Immediately report the invite to security@umbc.edu

• Remove the invite from your calendar using the Trash Can button

It’s important to note that simply receiving one of these invites does NOT mean your account has been compromised. By default, Google Calendar automatically adds invitations from anyone.

To reduce the chance of receiving unwanted invites in the future, you can also update your individual Google Calendar Event Settings to restrict which invitations are added by adjusting the "Add invitations to my calendar" setting. (See Below)

For more information about this setting, please refer to https://support.google.com/calendar/answer/13159188?sjid=9213646357382027005-NA.

Thank you all for your continued awareness and assistance in keeping our community secure.

UMBC Division of Information Technology (DoIT)
Cybersecurity Assurance and Digital Trust

Retrievers, listen up — Six cyber scams you do not want to fall for.

Number one: Random Duo Push notifications.

If you didn’t log in, don’t hit accept. That’s literally letting an attacker walk into your account.

Number two: Free gift cards, pianos, and tools in your inbox.

Yeah, no. If they ask you to ‘send cash first,’ it’s a total scam. Also, your professors and the administration are not going to ask you to buy gift cards for them.

Number three: Job offers that sound like, ‘Work two hours a week, get $500.’

If it’s that easy, it’s fake. Real jobs are on Handshake.

Number four: Phishing forms.

UMBC will never ask for your password, Duo code, social security number, or birthday through Monday.com or Google Forms. If you see that, report it faster than you sprint to class after hitting snooze.

Number five: Copy this command.

If you get an error on a website that asks you to copy a command to the Run menu, PowerShell, or Terminal, don’t do it! This is an attacker trying to compromise and take control of your machine.

And number six: ‘Your UMBC account is about to be deactivated.’

Your account isn’t going anywhere. Don’t click the link.

Stay alert online, don’t get scammed.

DoIT has detected several sophisticated email phishing scams attempting to steal user account credentials across campus. These scams have directed users to enter their username and password into online forms hosted by Google or monday.com to supposedly prevent account deactivation, or have solicited new (fake) job opportunities. 

How these Scams Work

• Malicious emails disguise themselves as official UMBC communications, potentially using compromised accounts to appear legitimate

• Goal: Trick users into revealing login information or provide personal/financial details

• Compromised accounts are being used to send massive spam campaigns

• Job scam victims may have financial losses

Protect Yourself

• NEVER enter login credentials into any suspicious emails or forms

• NEVER reply to unexpected emails requesting personal information

• NEVER send personal or financial information in an SMS or WhatsApp message to someone you don’t know

• ALWAYS verify the sender's email address carefully

• ALWAYS check for any unusual formatting, strange wording, or suspicious links

Read more about how you can identify phishing here.

If You Receive a Suspicious Email

• Do not click on any links

• Do not download any attachments

• Forward the email to: security@umbc.edu

• Delete the email immediately

Read more about what you can do if you receive a suspicious email here.

If You Believe Your Account Is Compromised

• Change your account password immediately

• Contact UMBC Technology Support Center or IT Security for additional assistance

Stay vigilant. Protect your account. Protect our community.

Over the weekend, some members of the UMBC community may have received messages (via text or email) like the ones shown below, prompting users to renew their UMBC Alert account.

These messages are legitimate and come from Omnilert, UMBC’s official emergency notification system. They are part of a scheduled renewal process to ensure that stale or inactive contact methods are removed and that users still wish to receive urgent campus notifications.

To continue receiving alerts, users must visit the Setup Omnilert Alerts page and re-confirm their preferred contact methods (SMS or email).

✅ Action Required

1. Go tomy.umbc.edu/go/alerts, 

2. Click on “Setup Omnilert Alerts”, and 

3. Follow the instructions to update or confirm your alert preferences.

We strongly encourage all current students, faculty, and staff to remain subscribed. These alerts are a key part of UMBC’s campus safety infrastructure.

Learn more:

How do I sign up to receive emergency alerts?

—

UMBC Division of Information Technology

doit.umbc.edu