A new wave of Spear-phishing emails hit roughly 300 UMBC inboxes this weekend. An example is shown below, with the From field altered and the To field removed for privacy. There is no body in this particular email.

From: Forged Name <name@gmail.com>

Date: Sat, Jul 25, 2020 at 9:26 AM

Subject: Send me your available text number?

To:

This malicious email uses the name of a UMBC staffer in an attempt to appear credible. However, the Gmail address, unnatural-sounding subject line, and lack of body content are all clear red flags. More generally, be wary of emails from unverified sources with any urgent but unexplained request. Similar emails that were reported previously were precursors to gift card scams.

The best way to avoid these scams is to simply not respond. Instead, report suspicious emails by forwarding them to security@umbc.edu. Include the full email headers by following the instructions athttps://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information on scams and phishing, please visit https://wiki.umbc.edu/pages/viewpage.action?pageId=36766495.

Abnormal Security recently found a Zoom-themed phishing campaign. This campaign is using fake Zoom alerts to steal Microsoft 356 credentials. With the boom in teleworking, workers at many organizations are using products like Zoom.  This has created an opportunity for malicious actors to create phishing campaigns that capitalize on this.

A malicious campaign is sending out emails claiming to be legitimate Zoom notifications and spoofing the actual Zoom email address. The email claims that the user will not be able to use the platform until they click on the embedded link to reactivate their account.

On clicking the link, the user is taken to a fake Office 365 login page. Entering any information into this login will not reactivate any account. It will instead give the username and password entered to the malicious actors.

The article also states that they have seen malicious actors spoof messages from not only Zoom but of WebEx as well. These campaigns are designed to steal credentials or even to

distribute malware.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out:
https://www.bankinfosecurity.com/zoom-themed-phishing-campaign-targets-office-365-credentials-a-14600

During the past week, DOIT has received notifications of several phishing emails. Below is a sample of a Phishing message that over 600 UMBC students have received. For privacy purposes the To field was removed.

From: Summer Woodforest <summerwoodforest@gmail.com> 

Date: Tue, Jul 21, 2020 at 8:30 AM

Subject: CORNERSTONE JOB OFFER.

Dear student,

   We got your contact through your school database and I'm happy to inform you that our reputable company Cornerstone® is currently running a student empowerment program. This program is completely school oriented as it has been designed not to deter you from all school activities which is priority for you and this organisation. This program is to help loyal and hardworking students like you secure a part time job with an attractive weekly salary.

TO PROCEED WITH THIS JOB OFFER, KINDLY REPLY TO THIS MAIL WITH YOUR ALTERNATE E-MAIL ADDRESS IN ORDER TO RECEIVE THE FULL JOB DESCRIPTION.

Best Regards,

Summer Wood,

HR Recruit Manager/Consultant

Cornerstone®,

Staffing-Solutions

Similar phishing emails were received from the following addresses listed below: 

• Gavan Ryan <ryangavan724@gmail.com>

• Clerk Trevor <clerktrevor@gmail.com> 

If you have received any message similar to the one listed above, please forward the message to security@umbc.edu.  Please attach the email headers, information on how to find the email headers can be found here: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

DO NOT RESPOND to this email, if you have done so already please contact us immediately at security@umbc.edu. 

For more information on scams and phishing handling, please visit https://wiki.umbc.edu/pages/viewpage.action?pageId=36766495

To read more articles published by DOIT visit: https://itsecurity.umbc.edu/critical/?tag=notice

Fake Covid-19 Fund Scam

The FTC posted an article warning of a phishing scam that they recently discovered. In this scam, the malicious actor is sending email claiming to be from the FTC and saying that users could get money from a Covid-19 “Global Empowerment Fund.” All that is required of the user is to respond with their bank account information.

This email is a scam.  It is not from the FTC, there is no money and there is no fund. The FTC says that they will never contact you by phone, email, text message, or by social media to ask for financial information, this includes your social security number. They also state that any stimulus checks will be from the IRS , not the FTC.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.consumer.ftc.gov/blog/2020/06/fake-emails-about-fake-money-fake-covid-19-fund

With COVID-19 and associated restrictions remaining prevalent, many malicious actors have used the opportunity to update their phishing email campaigns. The article linked below explains some of the ways malicious actors try and trick people into giving up their information or even into installing malware.

The article states that many of the emails will use subject lines like coronavirus, work reopening, rescheduled meetings, stimulus payments, and new vacation policies. Malicious actors also craft themed emails to look like popular social media sites like Facebook and LinkedIn.

For LinkedIn they noticed subject lines "You appeared in new searches this week," "People are looking at your LinkedIn profile," "Please add me to your LinkedIn Network," and "LinkedIn Password Reset."

 Facebook sees phishing emails using subject lines like "Your Friend Tagged a Photo of You" and "Your friend tagged you in photos on Facebook." Phishing campaigns from Twitter were said to try and entice people with subject lines similar to "Someone has sent you a Direct Message on Twitter."

Other subjects included "A login alert for Chrome on Motorola Moto X," "New voice message at 1:23AM," and "55th Anniversary and Free Pizza". The article also describes some general subjects to look out for:

• Password Check Required Immediately

• Vacation Policy Update

• Branch/Corporate Reopening Schedule

• COVID-19 Awareness

• Coronavirus Stimulus Checks

• List of Rescheduled Meetings Due to COVID-19

• Confidential Information on COVID-19

• COVID-19 - Now airborne, Increased community transmission

• Fedex Tracking

• Your meeting attendees are waiting
  
  

According to the article, the most common subject lines within phishing emails found “in-the-wild” in the last quarter were:

• Microsoft: Abnormal log in activity on Microsoft account

• Chase: Stimulus Funds

• HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines

• Zoom: Restriction Notice Alert

• Jira: [JIRA] A task was assigned to you

• HR: Vacation Policy Update

• Ring: Karen has shared a Ring Video with you

• Workplace: [company_name] invited you to use Workplace

• IT: ATTENTION: Security Violation

• Earn money working from home
  
  

At UMBC some of the most common subject lines for phishing emails seen recently have been “UMBC JOB OPPORTUNITY”, “CORNERSTONE STUDENT JOB OFFER”, “CORNERSTONE JOB OFFER”, “UMBC COVID-19 INFORMATION”, “UMBC COVID-19 PART TIME JOB OFFER” and “WORK FROM HOME.”

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.techrepublic.com/article/watch-out-for-these-subject-lines-in-email-phishing-attacks/

The email below is an example of a recent job scam phishing email that has been going around campus. This email, like many other job scam emails, tries to trick users into giving up their personal information like the users address, phone number, and personal email address.

If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

Smishing scams are a type of phishing scam which occurs when a malicious actor sends text messages or direct messages. They follow a similar pattern of acting as if they were from a trusted source like banks, government agencies, or even friends and family, trying to trick users into clicking a malicious link or possibly giving personal and financial information.

In recent years smishing attacks have started to become more numerous and sophisticated. Just like with phishing attacks, smishing also spikes during a crisis like COVID-19. These attacks are designed to exploit the public’s fears and anxieties, making their victims an easier target.

According to the article below, many more adults and children will open a text message or direct message on average compared to an email. Malicious actors can also automate the sending of text and direct messages to thousands or even millions of phone numbers and, unlike emails, there is no viable way for a user to block or flag suspicious messages.

These scams are similar to other phishing scams. They will still instruct the user to perform actions that could be harmful. Some of these actions might include: 

• Replying to the text or direct message with personal or financial information.

• Clicking a link that downloads malicious files or directs them to a website designed to gain the users personal or financial information.

• Asking the user to call a ‘customer service’ number.

• Asking the user to wire money to the malicious actors.
  
  

Tips on how to spot and avoid smishing attacks:

• Do not click on a link or call a number from an unknown number.

• Do not submit personal information to an unknown number.

• If possible try to verify the authenticity of the message by finding the sender’s website and official contact details online. For example if a message is claiming to be from your bank, check the bank's website to find the real contact information.

• If it looks too good to be true, it probably is too good to be true.

• Delete all suspicious texts.

• If the sender has a ‘5000’ number, the message was sent via email and could be malicious.

• If the sender is anything other than a cell phone number, the message may have been sent via email and could be malicious.

• Block unknown numbers if possible.

For more information, please check out: 

https://portswigger.net/daily-swig/what-is-smishing-how-to-protect-against-text-message-phishing-scams

With so many online services associating phone numbers with a person’s identity, it is more important than ever to ensure that malicious actors cannot take control of your number. However, a growing scam called SIM swapping seeks to do just that. Using personal information found or bought online, scammers can call a cell phone service provider while posing as a customer and ask to have the victim’s number transferred to the scammer’s phone. Without the proper precautions, this can all be done without any contact with the real customer.

SIM swap scams can cause more harm than just a fraudulent phone bill. Combined with other personal information, access to a victim’s phone number can allow scammers to access a variety of online accounts, all while posing as the legitimate owner of those accounts. This could even allow access to the victim’s email and online banking accounts. It also allows scammers to bypass any SMS or phone call-based two-factor authentication.

Phone service providers have added a few security measures to help stop SIM swap scams, but they rely on you to keep them secure. First, you can set up a PIN that must be provided before a SIM swap can be completed. Your PIN should be kept private, and should not be based on other personal information, like your birthday. Additionally, you should never send a security code from your provider to the sender of an unexpected text or phone call. Scammers may pose as your service provider before or while attempting a SIM swap scam in an effort to trick you into giving up verification codes sent by your provider. If you receive a code, it is best to contact your provider directly using their official contact information, not a number sent in a text.

For more information, please see:

https://scambusters.org/simswap.html

https://www.wired.com/story/sim-swap-attack-defend-phone/

Mobile devices are now an integral part of our daily lives. They make communication and access to information incredibly convenient from virtually anywhere. This convenience can make it easy to forget that mobile devices are vulnerable to many of the same threats as computers. Here are some common risks to watch out for when using your device.

Unsecured internet connections – Free public Wi-Fi is often unencrypted, meaning other people on the network may be able to access any data you send or receive. Depending on your settings, your device may connect to these networks automatically in order to decrease mobile data use. Consider turning off this feature for more control over your data. However, wired connections in public places may not be secure either, and can be tampered with and monitored or used to send malware to your device. In either case, it is important to know where your connection is coming from and limit transmission of private and sensitive data accordingly.

Malicious apps – Downloaded apps often request a number of permissions that they claim are necessary in order for the app to function. If granted, a malicious app can easily take control of your device. To avoid this risk, only download verified apps from reputable sources, like Apple’s App Store or Google Play. For an example of a malicious app and the damage it can do, check out this article about how one app spreads ransomware:https://itsecurity.umbc.edu/critical/?id=93247.

Loss or theft – Mobile devices contain a plethora of personal data, all of which can be valuable to unscrupulous individuals. Therefore, it is just as important to use a strong password for your phone as it is for your computer. A short PIN may not be enough to stop determined thieves from stealing your data. Consider adding 2-factor authentication by enabling both the password and fingerprint recognition settings, if possible. Finally, remember that remote wiping is an option for cases where your device is permanently lost. This will allow you to delete all data remotely, preventing it from being stolen. For more information on remote wipe, seehttps://insights.samsung.com/2020/05/28/3-things-you-should-know-about-remote-wipe-2/.

For additional information, check out: 

https://cybersecurity.osu.edu/cybersecurity-you/protect-personal-devices/mobile-devices

https://www.pandasecurity.com/mediacenter/panda-security/mobile-security-tips/