Android Ransomware
Malicious Software Pretending To Provide COVID-19 Info
Android Ransomware
DomainTools discovered that domain names associated with COVID-19 and Coronavirus have spiked in the past few weeks, and many of those domains are considered malicious. One that caught their eye was a website that offers a real-time coronavirus outbreak tracker as an Android app.
The app says that it offers many features like a heat map and other statistical data about COVID-19, but this app is instead ransomware. When downloading the app, it will ask for administrative access promising that this will allow certain types of information. If the app is given administrative access, it is given the opportunity to lock up all contacts, pictures, videos, and social media accounts unless their ransom is paid in Bitcoin. If the ransom is not paid, the attacker threatens to release all private information publicly and erase the phone's memory.
DomainTools offers tips on how to better protect against ransomware and other malware that tries to capitalize on coronavirus. They first state to be sure to only use trusted information sources from the government and research websites, and not to click on anything health related in your emails. Next they ask Android users to ensure that they download apps from the Google Play store, as third-party stores have a much higher risk of downloading malware.
For more information, please check out:
https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware
https://www.us-cert.gov/Ransomware
]]>
Android Ransomware DomainTools discovered that domain names associated with COVID-19 and Coronavirus have spiked in the past few weeks, and many of those domains are considered malicious. One...
https://beta.my.umbc.edu/api/v0/pixel/news/93247/guest@my.umbc.edu/84da75ad259024b2aafd7d464c22f4f9/api/pixel
covid-19
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Mon, 18 May 2020 18:24:13 -0400
COVID-19 Phishing Attacks
A review of different attacks exploiting COVID-19 fears
Tripwire has released an article warning of these COVID19-related phishing scams. This article can be found at this link: https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-may-11-2020/
(Fake) Work From Home Offers
PhishLabs discovered a phishing email attack aiming to entice people laid off due to COVID-19 with a work from home opportunity. The one email they found offered $5000 a month for a fake position. If the reader replies, they are asked for personal and financial information and will be given a more detailed job description involving transfering money through the readers accounts. The malicious actors might not only steal money from the readers account, but also could use the reader as a money mule meaning that they could be held liable for the stolen money that passes through their account.
(Fake) IRS Page
Researchers at SecureWorks discovered malicious actors targeting readers with a phishing page designed to look like a tax form given by the IRS. The attack is believed to be distributed through email attacks, and the goal of this attack is stealing the readers tax information. Once the malicious actor has the information, they can then impersonate the reader on the official IRS tax form meaning that they will collect not only their tax return but their stimulus checks as well.
Impersonating Institute of CPAs
The Microsoft Security Intelligence team discovered that some digital attackers were using COVID-19 themed attack campaigns to distribute malware. One example they found showed a malicious actor impersonating the Institute of CPAs. In their emails they were claiming to be delivering COVID-19 related updates to its members as well as containing a ZIP file. The file is instead an executable that will allow the malicious actor to take control of the affected machine.
]]>
Tripwire has released an article warning of these COVID19-related phishing scams. This article can be found at this link:...
https://beta.my.umbc.edu/api/v0/pixel/news/93246/guest@my.umbc.edu/fd27aef2c212c3511943930f04cf4c82/api/pixel
covid19
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Mon, 18 May 2020 18:17:39 -0400
11May2020 Update: COVID-19 Job Scam in Email
Fake Job Offeres Still Coming In
The UMBC Division of Information Technology is still receiving notification of a widespread job scam.
The subject is: UMBC COVID-19 INFORMATION.
Example From: Michael Corel <corelmichael199@gmail.com>
Date: Mon, May 11, 2020 at 9:18 AM
Subject: UMBC COVID-19 INFORMATION
To:
Dear students,
University of Maryland, Baltimore County health professionals have been closely monitoring the spread of COVID-19 over the past two months.Therefore the university is organizing an online part time job to sustain the students living.I'm happy to inform you that our reputable company CORESTAFF SERVICES Inc®,is currently running a student empowerment program.
KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.
Kind Regards
Michael Corel
HR Manager/Consultant
CORESTAFF SERVICES Inc®
This is a scam! DO NOT REPLY TO IT!
A
reply confirms that your UMBC email address is active. That is an
invitation to get more spam. You are also asked to provide your
personal address. That’s two addresses for spamming. You may then be
asked to fill out a form with personal information which can then be
added to your email address. That means, at least, that the spam can be
targeted to you. If you provide information such as your birthdate,
address, or social security number, the information can also be used for
identity theft.
Even if you are tempted to send the scammer a hostile, insulting message,
DO NOT REPLY!
You will not hurt the scammer’s feelings. You will simply provide information about yourself directly or indirectly.
E-mail
fraud is in the rise. The Division of Information Technology is
tracking it. If you get suspicious email, please forward it to security@umbc.edu. If you are not sure whether it is suspicious, forward it anyway. We will investigate it and get back to you.
]]>
The UMBC Division of Information Technology is still receiving notification of a widespread job scam. The subject is: UMBC COVID-19 INFORMATION. The From: address changes from one burst of...
https://beta.my.umbc.edu/api/v0/pixel/news/93031/guest@my.umbc.edu/1361bf6ecfee48965959b50e412d6962/api/pixel
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Mon, 11 May 2020 11:25:52 -0400
Mon, 11 May 2020 11:27:13 -0400
Email Attacks
A Review Of Recent Email Trying To Infect Your Computer
Email Attacks
Tripwire has released an article warning of these COVID-19 related email scams. The article can be found at this link: https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-may-4-2020/
(FAKE) Failed Delivery Notice
They report on a finding from Kaspersky Labs, where they warn of a spam email campaign informing recipients that a delivery attempt had failed because their shipment details were incorrect and the reader needs to update their details. An image of a receipt is included in the message. The receipt is too small to read easily, so the recipient will probably click on it for a better look. Clicking on the attachment will load spyware onto the user's device.
(FAKE) Donation to WHO
A malicious actor sent out emails urging recipients to consider donating to the World Health Organization. The email has a from address of “support@covid-19[.]world” and includes a link at the bottom saying “Help Us Fight”. Clicking the link will take the reader to a malicious domain help-who[.]com. For readers to donate they must click on the embedded link which allows the malicious actors to steal the reader’s payment information.
(FAKE) Update to Family and Medical Leave Act
Finally the article reports that IBM X-Force discovered a phishing email campaign that seemed to be from the US Department of Labor. The email states they have made changes to the “Family and Medical Leave of Act” as a result of COVID-19. This email then asks readers to review the attached word document. The attachment will install malware which puts the reader’s computer under the control of a botnet.
]]>
Email Attacks Tripwire has released an article warning of these COVID-19 related email scams. The article can be found at this link:...
https://beta.my.umbc.edu/api/v0/pixel/news/92998/guest@my.umbc.edu/912d4576f63daa6d0f96033f10a9d408/api/pixel
covid19
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Fri, 08 May 2020 12:31:45 -0400
Fri, 08 May 2020 12:32:40 -0400
COVID-19 Job Scam in Email
New Scam Subject: UMBC COVID-19 INFORMATION
The UMBC Division of Information Technology received notification of a new job scam variant on 08may2020. The subject is: UMBC COVID-19 INFORMATION
From: Koyepes Michael <michaelkoyepes199@gmail.com>
Date: Fri, May 8, 2020 at 9:54 AM
Subject: UMBC COVID-19 INFORMATION
Dear students,
University of Maryland, Baltimore County health professionals have been closely monitoring the spread of COVID-19 over the past two months.Therefore the university is organizing an online part time job to sustain the students living.I'm happy to inform you that our reputable company CORESTAFF SERVICES Inc®,is currently running a student empowerment program.
KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.
Kind Regards
Koyepes Michael
HR Manager/Consultant
CORESTAFF SERVICES Inc®
This is a scam! DO NOT REPLY TO IT!
A reply confirms that your UMBC email address is active. That is an invitation to get more spam. You are also asked to provide your personal address. That’s two addresses for spamming. You may then be asked to fill out a form with personal information which can then be added to your email address. That means, at least, that the spam can be targeted to you. If you provide information such as your birthdate, address, or social security number, the information can also be used for identity theft.
Even if you are tempted to send the scammer a hostile, insulting message,
DO NOT REPLY!
You will not hurt the scammer’s feelings. You will simply provide information about yourself directly or indirectly.
E-mail fraud is in the rise. The Division of Information Technology is tracking it. If you get suspicious email, please forward it to security@umbc.edu. If you are not sure whether it is suspicious, forward it anyway. We will investigate it and get back to you.
]]>
The UMBC Division of Information Technology received notification of a new job scam variant on 08may2020. The subject is: UMBC COVID-19 INFORMATION From: Koyepes Michael...
https://beta.my.umbc.edu/api/v0/pixel/news/92997/guest@my.umbc.edu/f645a745d90822bcdf375dcead134bfa/api/pixel
covid19
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Fri, 08 May 2020 12:12:25 -0400
Fri, 08 May 2020 12:15:55 -0400
"Password Notification" Scam
Email with bogus link wants to steal your password
This morning DoIT has received several reports of a password change scam that has been going around campus:
If you have received this or a similar email, please do not respond or click on the provided URL. Either one of those actions only shows the malicious actor that they have a valid, active email address.
Please forward the message (with the email headers) to security@umbc.edu, and delete the message.
]]>
This morning DoIT has received several reports of a password change scam that has been going around campus: From: ti93943@wildblue.net Date: Wednesday, May 6, 2020 9:45 AM Subject: Password...
https://itsecurity.umbc.edu
Image
https://assets2-beta.my.umbc.edu/system/shared/attachments/a3664516fd6e1c1137e815970571f775/69edee62/news/000/092/915/2bfe367f6f040df48462a1a9a684ea43/medium.jpg?1588792899
https://beta.my.umbc.edu/api/v0/pixel/news/92915/guest@my.umbc.edu/165851afaec154bbf8b70e452c0dcc34/api/pixel
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
https://assets1-beta.my.umbc.edu/system/shared/thumbnails/news/000/092/915/056f70407cf7aa2ee6bd926dadd87e80/xxlarge.jpg?1588780238
https://assets3-beta.my.umbc.edu/system/shared/thumbnails/news/000/092/915/056f70407cf7aa2ee6bd926dadd87e80/xlarge.jpg?1588780238
https://assets3-beta.my.umbc.edu/system/shared/thumbnails/news/000/092/915/056f70407cf7aa2ee6bd926dadd87e80/large.jpg?1588780238
https://assets3-beta.my.umbc.edu/system/shared/thumbnails/news/000/092/915/056f70407cf7aa2ee6bd926dadd87e80/medium.jpg?1588780238
https://assets4-beta.my.umbc.edu/system/shared/thumbnails/news/000/092/915/056f70407cf7aa2ee6bd926dadd87e80/small.jpg?1588780238
https://assets2-beta.my.umbc.edu/system/shared/thumbnails/news/000/092/915/056f70407cf7aa2ee6bd926dadd87e80/xsmall.jpg?1588780238
https://assets3-beta.my.umbc.edu/system/shared/thumbnails/news/000/092/915/056f70407cf7aa2ee6bd926dadd87e80/xxsmall.jpg?1588780238
1
0
true
Wed, 06 May 2020 12:03:21 -0400
Wed, 06 May 2020 15:03:16 -0400
Another Part Time Job Scam...
Last week DoIT received several notifications of yet another part-time job scam arriving at email inboxes on our virtual campus. The To: field has been removed from the example for reasons of privacy.
From: John Welch <blueeyedwelch@gmail.com> Date: Fri, Apr 17, 2020, 1:15 PM Subject: UMBC PARTIME JOB
Corestaff Services is offering you a chance to secure a part time job. Kindly reply back with your alternate email address for more information.
Kind Regards John Welch HR Manager/Consultant Corestaff Services Inc®
|
Over 200 members of the UMBC community received this particular message. One of the reports also noted that a similar scam naming Corestaff Services appeared in 2018 in accounts at Brown University. Brown posted a very detailed analysis of the message at: https://it.brown.edu/alerts/read/corestaff-phishing-email-anatomy-scam.
While this message doesn’t share all the issues of the one that went to Brown, it does raise some questions.
Why would the message come from a gmail account rather than a corporate domain like corestaff.com?
What kind of professional HR Manager uses an account called ‘blueeyedwelch’?
Why do they want your alternate email address before they tell you anything else about the job? They obviously have your UMBC address already.
Why is there no web link or phone number for Corestaff Services anywhere in the message?
“PART-TIME” and “PART TIME” will not set off your spell-checker. “PARTTIME” is not a word.
When you get a message you were not expecting that asks you to provide information, please remember that all information has value. Even the simple fact that you are reading the email sent to your UMBC address has value. If you send a response, even an angry or insulting one, you are giving the sender something of value.
Read once, think twice. If you are unsure, please forward the message to security@umbc.edu. It always helps if you include the headers, too.
(https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970)
]]>
Last week DoIT received several notifications of yet another part-time job scam arriving at email inboxes on our virtual campus. The To: field has been removed from the example for reasons of...
https://beta.my.umbc.edu/api/v0/pixel/news/92403/guest@my.umbc.edu/e8b13b55e9fe43a46feb0839e3421d09/api/pixel
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
1
0
true
Tue, 21 Apr 2020 10:17:18 -0400
Guide for Recognizing COVID-19 Scams and Risks
The Center for Internet Security (CIS) posted a guide, on April 13, 2020, about online scams exploiting people’s concerns about the COVID-19. The guide is available at: https://www.cisecurity.org/newsletter
In brief, the guide gives some examples of commonly reported scams such as:
- Fake tests and cures for you to buy,
- Fake health organizations and websites that try to collect personal information about you and/or infect your computer, and
- Fake charities requesting donations.
The guide also makes some suggestions. Briefly:
- Don’t click on strange web links in expected or unusual messages.
- Get your information from known, trusted sources, preferably ending in ‘.gov’. For example:
- Don’t give out personal information (including your SSN and bank information) over the phone or over email.
- Verify a charity before donating anything to it. You can get more guidance about this at https://www.consumer.ftc.gov/articles/0074-giving-charity (Federal Trade Commission or FTC)
]]>
The Center for Internet Security (CIS) posted a guide, on April 13, 2020, about online scams exploiting people’s concerns about the COVID-19. The guide is available at:...
https://beta.my.umbc.edu/api/v0/pixel/news/92402/guest@my.umbc.edu/dafab692cac5f0da4e8c9e2145d4e27a/api/pixel
covid19
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Tue, 21 Apr 2020 10:13:04 -0400
Cyberattacks Delivered By Your Mail Carrier
Scammers and hackers will use any way to get to you...
A group called FIN7 has been using a novel method to target victims. The attack is delivered through USPS mail, the kind that’s delivered into the real mailbox.
The target gets a package in the postal mail containing a message that appears to be from Best Buy. The package contains a letter thanking the victim for being such a good customer, a gift card and/or a teddy bear, and a USB stick supposedly containing a list of special gift items. When the target inserts the USB into a Windows computer, a message pops up saying that the USB device has malfunctioned. The target may then take the stick out, throw it away, and play with the teddy bear. By the time the device has been removed, it’s too late. This stick actually contains a USB keyboard emulator and has been injecting commands into the system. The computer has already downloaded a malicious script that is gathering information about the computer to send back through the Internet to its controller. The script then also downloads more malware.
This attack, unlike most purely IT-based attacks, costs the attackers some money for postage, USB camouflaged keyboards, gift cards, and teddy bears. The FIN7 group has historically been attacking the commercial industries, so some investment is worth the chance of success.
While it seems unlikely that UMBC will be a target, please do not use any USB stick, or anything that looks like a USB stick, unless you trust the source. The best source is an unopened package that you bought yourself.
If you receive any USB devices that you are suspicious of or have any questions about strange computer related activity, please contact us at security@umbc.edu.
Links for more information:
]]>
A group called FIN7 has been using a novel method to target victims. The attack is delivered through USPS mail, the kind that’s delivered into the real mailbox. The target gets a package in...
https://beta.my.umbc.edu/api/v0/pixel/news/92364/guest@my.umbc.edu/6d649ee580b79847014070f4184505cf/api/pixel
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Mon, 20 Apr 2020 12:16:42 -0400
Scam E-mail Spoofing Account of Scott Casper
Scammers are impersonating people to get info and money.
On Monday, 4/13/2020, DoIT was notified by several members of the UMBC community about an e-mail message impersonating Dr. Scott Casper, Dean of the College of Arts, Humanities, and Social Sciences. The messages appear to have been sent on 4/12/2020.
Investigation revealed that this message went to approximately 60 recipients. Based on the recipients, we suspect that the scammer collected email addresses and identifying information about Dr. Casper (e.g. Title, Photo, etc.) from the CAHSS website. Then the scammer selected specific departments from that website and collected more addresses. Since there are still a lot of people in the College who have not received these messages, we request that people be alert when receiving strange-looking messages through e-mail or text.
The message appeared to be from Scott E Casper <casper.umbc@gmail.com>.
This is not actually a UMBC address, since it ends in “@gmail.com”, but a quick glance might not make the distinction. At least one message had a Date field of Date: Sun, 12 Apr 2020 21:12:09 +0100. The timezone GMT+0100 is currently in Western and Central Europe and Western Africa, which is also suspicious.
The subject of the message was: Quick Request and the message itself was brief and vague:
Available?
--
Scott E. Casper
Dean
Professor, History
College of Arts, Humanities, and Social Sciences
In two reported cases in which the recipients responded, they were asked to go to a grocery store and purchase E-bay gift cards. One recipient received the request as a text message after providing a phone number. The text was sent from 585-532-5939.
We all get terse messages, especially as text messages. Be careful, however, before responding to them. Please double-check that the sender’s address actually ends in “@umbc.edu”. Note anything odd about the message headers or the message content. We are all somewhat disoriented by the current conditions and there are people who will try to take advantage of that. Please report any suspicious communications to security@umbc.edu.
]]>
On Monday, 4/13/2020, DoIT was notified by several members of the UMBC community about an e-mail message impersonating Dr. Scott Casper, Dean of the College of Arts, Humanities, and Social...
https://beta.my.umbc.edu/api/v0/pixel/news/92360/guest@my.umbc.edu/4e64d6bc2032a4bce70416c8180b7c07/api/pixel
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Mon, 20 Apr 2020 12:06:50 -0400