Forbes posted an article of a phishing attack discovered by Abuse.ch. This attack is using a Black Lives Matter-themed email phishing campaign with the goal of having readers unknowingly install malware. The attack is said to be sending out emails with the subject “Vote anonymous about ‘Black Lives Matter’ ”. 

The email is said to contain the statement: “Leave a review confidentially about Black Lives Matter… Claim in the attached file”. If the reader clicks on the attached file it will install known at "Trickbot" onto the reader's device. 

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. As well please do not click on or download any attachments from suspicious emails, this action could put your device at risk. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.forbes.com/sites/thomasbrewster/2020/06/11/watch-out-theres-a-big-black-lives-matter-scam-about/#7449987a62d8

The image as well as original tweet from abuse.ch can be found at: 

https://twitter.com/abuse_ch/status/1270739166716989443?s=20

According to the article linked below, a recent work-from-home scam has been targeting college students. These malicious actors are targeting students via emails that appear to be sent from a college or company advertising fake work-from-home job opportunities.

The malicious actor will use these emails to obtain the students personal information. Once the malicious actor has the students information, they will send a counterfeit check instructing the students to deposit the check into their personal checking account. The malicious actor will then ask the student to withdraw the money and make a payment necessary for the job.

The article states that students who do fall victim to this scam can experience bank accounts being closed due to fraudulent activity and a report filed by the bank with a credit bureau or even law enforcement. The student would also be responsible for reimbursing the bank.

Tips to help spot and avoid these type of scams:

• Research the company first, look for a legitimate website and contact information. Try to find what others are saying about the company as well.

• If they are contacting you and claiming to be from the University, locate the sender’s information through the school website and confirm whether the offer is real or not.

• Look for bad grammar and spelling.

• Offers of employment or pay without an interview are red flags. Legitimate jobs usually want to see who they are hiring.

• Never send funds in the form of cash, check, gift cards or wire transfer to secure a job.

• If you do receive a check from a scam similar to the one above, please do not cash the check.

• If you have provided any banking or financial information to the suspected scammers, please notify your bank or financial institution immediately.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

For more information, please check out:

https://www.winknews.com/2020/06/17/work-from-home-scam-targets-florida-college-students/

Contact tracing is an integral part of the fight against COVID-19.  It speeds response, identifies potential hot spots, and focuses testing efforts.  Unfortunately, it also creates an opportunity for scammers to deploy two of their most powerful tools, impersonating authority and a sense of urgency.

A North Carolina news station conducted an information test by calling a producer's friends and using a script based on CDC recommendations.  

After the initial greeting and confirmation of the subject's name and birth date, the script abandoned the CDC guidelines and started asking for the subject's Social Security number, home address and other personal information.  These questions are presented as necessary to 'confirm' the subject's identity.  In fact, they are the basic elements of identity theft.  Several of the attempts were successful in getting a complete picture of the subject's personal information.

In another part of the same segment, the station interviewed an IT Security professional who demonstrated how a simple, professionally-worded message (from a fictitious contact tracing company) could get recipients to click on a link that could install malware on their computer.  The malware could be leveraged to give  an attacker complete access to all information on the system.

Contact tracing gives scammers a chance to represent themselves as providing a legitimate and authoritative service in combating a pandemic, and to take advantage of the stress their victim may feel on being informed that they have been identified as at-risk for infection.

If you get a text message or email telling you that you will be called by a contact tracer, then just wait for the call.  If you get a message telling you to click a link, DO NOT CLICK THE LINK!

If you live in Maryland, please visit https://coronavirus.maryland.gov/pages/contact-tracing .  If you are called by a legitimate contact tracer, your caller ID will tag the call as MD COVID.  If you do not have caller ID, the calling number should be (240) 466-4488.  You can also call back on (240) 466-4488 if you receive voice mail.  A legitimate contact tracer will not ask you for your Social Security number, bank account number or credit card information, nor will they ask for money.

References:

Rossen Reports: Feds warn of new contact tracing scam

https://www.wxii12.com/article/rossen-reports-scammers-posing-as-contract-tracers/33251285

Notification of Exposure: A Contact Tracer's Guide for COVID-19

https://www.cdc.gov/coronavirus/2019-ncov/php/notification-of-exposure.html

Welcome to covidLINK - Maryland,giv

https://coronavirus.maryland.gov/pages/contact-tracing

Maryland COVID Contact Tracing

https://www.norc.org/Research/Projects/Pages/maryland-covid-contact-tracing-.aspx

Scammers are always inventing new ways to exploit people. However, some of the basic tactics don’t change much. The Cybercrime Support Network (CSN), in partnership with Google, has set up the ScamSpotter web site (https://scamspotter.org/) . Scam Spotter lists Three Golden Rules for spotting a scam.

1. Slow Down: If any organization is rushing you to act fast, this is a red flag. Take your time to get more information. Do not rush.

2. Spot check: Utilize the internet, search for that organization online. If you get unexpected calls, unhang up, then search to verify the phone number.

3. Stop, Don’t Send: Scammers are always demanding payment on the spot, A trustworthy organization would not ask you to send your credit card over texts, phone calls or emails. Scammers love gift cards. Do not send any gift cards to anyone, who you have not verified or know.

If you receive email and are not sure whether it’s a scam, please send  the complete headers to security@umbc.edu.   The UMBC guide to displaying complete email headers can be found at:

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

Source: https://scamspotter.org/scams

With COVID-19 present in our day to day lives, malicious actors are taking this opportunity to scam people out of their personal and financial information. Recently the IRS Criminal Investigation Division (IRS-CI) has noticed various campaigns targeting Economic Impact Payments as well as other COVID-19 related scams.

The IRS-CI warns that some of these scams will offer more money from the government or even faster check delivery if the reader shares personal information and pays a small “processing fee.”  The IRS warns that there are no shortcuts for stimulus checks. Malicious actors have also been trying to convince people to “apply” for a second stimulus check. According to a Forbes article, as of right now, there is currently no second stimulus check in the works. 

Malicious actors are also setting up fake charities soliciting donations for individuals, groups and areas affected by COVID-19. Some malicious actors are even offering the chance to invest in companies working on a vaccine, promising that the “company” will dramatically increase in value as a result. Some are even selling fake products like at-home test kits, fake cures, vaccines, pills and giving advice on unproven treatments.

They also warn of phishing campaigns being sent out either through text or emails. These campaigns are using keywords like “Corona Virus,” “COVID-19,” and “Stimulus.” For these campaigns the IRS-CI says the malicious actors' targets are people's personal and financial information.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.irs.gov/newsroom/irs-warns-against-covid-19-fraud-other-financial-schemes

https://www.forbes.com/sites/kellyphillipserb/2020/06/08/irs-warns-on-covid-19-scams-involving-stimulus-checks-fake-cures--more/#67cdbd937a98

You are working from home, web browser open to whatever resources you need to write a paper, prepare a class, review a budget, or whatever else you need to get your job done.  Suddenly a window you didn’t ask for appears on your screen.  It may look sort of like a normal security product or perhaps it is flashing red and yellow.  There may even be - no kidding - sirens.   The message seared into your eyes tells you that your computer is infectedwith viruses, possibly hundreds of them.  The message says your data may be stolen, or erased, or both.  The message tells you that it is urgent that you click a link to buy and download an antivirus product and/or call a phone number where you will be able to buy a support contract (they just need your bank’s routing number and your account number and they will take care of the details).  If you try to close this window, it wither won’t close or gets replaced by more such windows.  In any case, the message is telling you that the most important thing for you to do immediately is to panic.  The pop-up window is doing it’s very best to get you to act without asking any questions.

This type of malware has become quite common and falls into a class called ‘scareware’.  The goal is to get you to act without thinking about what you’re doing.  If the window won’t go away, turn your computer off and then back on.  Some scareware is attached to your browser and will only reappear when you start whichever browser you were using before.  Other scareware is installed as a program and may reappear when your computer restarts.  It can be extremely annoying, but the real threat is the link and/or phone number that you are asked to use to fix the problem. DO NOT CLICK THE LINK AND/OR DO NOT CALL THE NUMBER.  

General Rule:  Anything, windows, email, articles, etc. that you see on your computer that seems to be trying to induce panic, is probably trying to do just that.  Stay calm and think, don’t click!

Here are some references where you can find out more:

• https://www.aarp.org/money/scams-fraud/info-2019/tech-support.html

• https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams

• https://www.businessknowhow.com/security/scareware.htm

• https://computing.which.co.uk/hc/en-gb/articles/207101035-How-to-spot-a-fake-virus-alert

With Covid-19 causing many Americans to file for unemployment, many people are looking for jobs.  Some malicious actors are taking advantage of them by creating new job scams. Here is a list of tips from Forbes to help spot potential job scams.

• Malicious actors will use keywords when describing a job such as “work-from-home”, “work-at-home”, “quick money”, or even “unlimited earning potential”. A legitimate job will usually use keywords along the lines of “remote work”, “virtual work” or “telecommute job”.

• Descriptions and emails for scam jobs will usually have grammatical or spelling errors, while legitimate jobs will not have major errors.

• A malicious actor will want to hire very quickly, they may include keywords like “immediate hire” in the description and any communication will feel urgent. A legitimate job will usually take some time as they want to hire the right people.

• If the job description seems “too good to be true” then it probably is.

• Scam jobs are known for asking for an upfront fee for things like applications, background checks, employee processing or even uniforms. They could also request personal information prior to completing the hiring process. A legitimate job will only request information like tax documents after agreeing to the terms of hire.

• A malicious actor will request to communicate through email or even chat rooms like Google Hangout. Their emails might even try to mimic the real company’s emails. Even if a legitimate job will contact you through websites like LinkedIn.  They will not hire someone without having a phone or video conference interview.

The key to quick scams is urgency.  The scammer doesn’t want you to stop and think, and certainly not to ask questions.  If you are urged to act immediately and told that you will lose a good opportunity or that something bad will happen if you delay, be suspicious.  

Lack of business details is another warning flag. If someone offers you a job without giving you a phone number, street address, or a link to their business to check out, be suspicious.

If the message tells you that your name was provided by UMBC, but asks you to reply from your personal email, ask yourself why they don’t want to use the UMBC email address they just used to contact you.  If you see something inconsistent, be suspicious.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

For more information, please check out:

https://www.forbes.com/sites/ashleystahl/2020/05/11/job-hunting-scams-amid-covid-19-pandemic/#57724b253c57

Many of us lived our lives, at least in part, through computers even before telework and distance learning became the norm.  You may use your computer for writing reports, designing presentations, tracking budgets, email, banking, checking medical records, filing your taxes, and dozens of other necessary work and life-related chores.  Now, suppose someone took your computer and demanded a hundred dollars for its return.  Suppose someone took all the computers in your office or university away and demanded thousands of dollars for their return.  This is what ransomware does.  

Just to be clear, no one shows up, grabs the computer, and runs out the door.  During a ransomware attack, the computer is still there.  The data on the computer, however, all the email, documents, spreadsheets, bookmarks and whatever else you have stored on it is unusable.  It has been encrypted, and you don’t know the password. The data is, for all intents and purposes, gone.

Ransomware will leave your computer just functional enough to pop a ransom note up on the screen.  The note directs the victim to pay a specified amount in cryptocurrency in return for the password.  The payment will be effectively untraceable. Like most ransom situations, you have no assurance beyond the word of obvious criminals that you will get that password, or even that they have it.  Two departments at Michigan State University were struck with ransomware around last Memorial Day and have announced the ransom will not be paid. 

Ransomware is delivered in the same way as other malware.  It usually gets a foothold when a computer user opens infected email, clicks on a malicious link, or installs software from an untrusted source.  It is just as likely to strike any computer as any other malicious program.

Updating your computer regularly with security patches and installing anti-virus protection is always a good idea.  The absolute best defense against ransomware, is to make a backup.  If you have recent copies of your files stored somewhere other than on your computer, you can restore all your data if ransomware hits.  You don’t need to backup all the information on the computer, just the information that is important and irreproducible.  Documents, pictures, address lists, etc. can all be backed up, either to removable media such as a USB thumb drive or an external drive, or to cloud storage.   Microsoft and Apple have both tried to make automatic backup to cloud storage as easy as possible (see Resources below).  There are other options such as Box storage with Box Sync.

IMPORTANT:  If you are working from home using data belonging to UMBC, there may be restrictions on where that data can be stored.  Check with the Division of Information Technology (security@umbc.edu) to find out what options are available.  It is essential that backups of sensitive data be protected and not breached.  

Resources

Windows Backup to Microsoft OneDrive

https://www.microsoft.com/en-us/microsoft-365/onedrive/pc-cloud-backup

Macintosh Backup to iCloud

https://support.apple.com/en-us/HT204025

For more information:

https://www.insidehighered.com/quicktakes/2020/06/04/michigan-state-refuses-pay-ransom-hackers

The Federal Trade Commission warns of a phishing email scam aimed at college students. The malicious actor sends emails out claiming to be from the Financial Department of the student’s university. The email tells readers to click on the provided URL to get messages about their economic stimulus check. Once readers click on the URL it will require a university login to proceed.

These emails are phishing scams and once the URL is clicked on, the reader is either giving the malicious actors their personal information or even allowing malware to be installed onto their devices.

To help spot and avoid scams similar to the one above:

• If you have concerns about an email, look up a phone number or website of the sender/department that the email is claiming to be from. This helps to confirm you are calling someone who is real and not a malicious actor.  If there is no contact information, it very likely is a scam.

• Look out for bad grammar and spelling as this can be a tip-off that the email might be from a malicious actor. 

• Look out for wrong department names. For example the article found that one version of this phishing email claimed to be from the Financial Dept instead of the Financial Aid Department.  

• If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.
  
  

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

UMBC’s Office of Financial Aid and Scholarship:

https://financialaid.umbc.edu/

For more information, please check out:

https://www.consumer.ftc.gov/blog/2020/05/covid-19-scams-targeting-college-students

May 22, 2020

Next Week, Maryland will begin a state-wide effort to trace the spread of COVID-19.  The effort will involve health workers making phone calls to Maryland residents.  This is a very important step in identifying potential disease clusters and everyone’s help is needed.

At the same time, Maryland in general and UMBC in particular have been targets of a wide variety of scams taking advantage of people’s fears and uncertainties around this disease.  It is very possible that unscrupulous people will take advantage of Maryland’s effort as a cover for phone scams.  North Carolina, for instance, started a contact tracing effort last month and has gotten reports of scammers pretending to be health officials and gathering information from residents.

Phone Calls

When you get a call, your caller ID should read “MD COVID”.  You will be asked about your health and about your location and interactions within a period of time.  You will be asked for your birth date, contact information, and information about any COVID-19 test if you have had one.  You will get guidance about potential symptoms to watch for and about self-isolation.

You will NOT be asked for:

• ·        a Social Security number

• ·        financial or bank account information

• ·        personal details unrelated to COVID-19

• ·        photographs or videos

• ·        passwords

• ·        payment

If anyone asks you for this or other information having nothing to do with COVID-19, please do not give it to them. 

Text Messaging

So far, Maryland has not announced that text messaging will be part of the contact tracing effort.  If you receive a text message that asks you to click on a link for contact tracing, do not click it. At best, it will take you to a scam questionnaire requesting your personal information.  Worse, it could download malware to your phone and start harvesting personal information itself.

New Jersey has received reports of text messages pretending to be from contact tracers and telling people that they have already had contact with a potential COVID-19 carrier.  These messages also contain links which will lead to information theft and/or malware.  Contact tracers don’t work like this.

For More Information

Launch of Maryland’s contact tracing effort

• https://www.baltimoresun.com/coronavirus/bs-md-maryland-contact-tracing-operation-coronavirus-reopening-20200521-jn4wfqgjcjdqbkbu454fhqngim-story.html

• https://www.wbaltv.com/article/maryland-contact-tracing-ramps-up/32631045#

FTC Warning about COVID-19 contact tracing text message scams

• https://www.consumer.ftc.gov/blog/2020/05/covid-19-contact-tracing-text-message-scams
  

Scam Warning from North Carolina Attorney General

• https://ncdoj.gov/watch-out-for-covid-19-contact-tracing-scams/

Warning from New Jersey state officials about text message scams

• https://www.nj.com/coronavirus/2020/05/beware-of-coronavirus-contact-tracing-scams-nj-officials-warn-thousands-of-fraud-cases-reported.html