Student Work at Home Scam Hackers Offering Jobs at Cisco Systems

A scam message (see below) was sent to about 80 UMBC email addresses on 4/15/2020.  It’s a variation of a scam job offer we saw a few months ago.  


It is NOT from Cisco Systems.  If you respond positively, you will get forms to fill in with lots of your personal and financial information which can be used to rip you off more effectively later.


Replying with a hostile response only lets them know they have a valid, active email address.  Don’t try to hurt their feelings. They really don’t care. This is a business to them. 


Cisco Systems may offer you a job someday, but this isn’t it.


The Division of Information Technology wants to know about suspicious job offers in order to warn the UMBC community.   Please report any offers like this by forwarding them to: security@umbc.edu




From: Candice Terrence <terrencandice@gmail.com>

Date: Wed, Apr 15, 2020 at 2:28 PM

Subject: WORK FROM HOME

To: 


Dear Student,


   We got your contact through your school database and I'm happy to inform you that our reputable company CISCO Systems® is currently running a student empowerment program. This program is completely school-oriented as it has been designed not to deter you from school and other activities which are before you and this organization. You are selected from your school database to partake in the ongoing program. This offer is a PART-TIME position accompanied by attractive weekly wages among all others and reasonable working hours per week.


TO PROCEED WITH THIS JOB OFFER, KINDLY REPLY THIS MAIL WITH YOUR PERSONAL E-MAIL ADDRESS TO RECEIVE THE FULL JOB DESCRIPTION/OFFER FOR THIS OPEN JOB POSITION


Best Regards,


Candice Terrence

HR Recruit Manager/Consultant

CISCO Systems®.


 ]]> A scam message (see below) was sent to about 80 UMBC email addresses on 4/15/2020.  It’s a variation of a scam job offer we saw a few months ago.   It is NOT from Cisco Systems.  If you respond... https://beta.my.umbc.edu/api/v0/pixel/news/92359/guest@my.umbc.edu/24e291852f4f0cbb79829df50a384a5b/api/pixel notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Mon, 20 Apr 2020 12:01:09 -0400 Scammers Want Your Information and Money Scammers are finding new ways to get your info and money.
Any good scam, electronic or otherwise, works best when the victim is outside of their normal patterns of life.  A phishing scam has been circulating that claims that you have been exposed to Covid-19 through “a colleague/friend/family member”.  You are asked to print a form attached to the message, which appears to be pre-populated with all your relevant information, and take the printed form to the nearest emergency clinic.  

If the thought that you have been exposed to COVID-19 doesn’t upset you, the idea that your personal information has been magically entered in the form probably should.  Either way, when you open the attachment, an Excel spreadsheet, you are asked to ‘Enable Content’.  Doing so downloads malware which will do its best to collect all the information possible from your computer, potentially including passwords for online accounts, and send the information back to its controller.

In general, if you receive email that immediately appeals to fear, anger, or any other powerful emotion, be wary.  Contact the organization claiming to send the message to you and check out the claims.  Any legitimate message like this should include contact information other than an email return address.  You can also find contact information from the official websites of any organization that is contacting you.  

If you get email with an attachment that you are not expecting, be cautious.  Don't click on an attachment before you know it is legitimate.  Find a way to check the validity of the email before opening the attachment.  

If you receive any email that asks for money or a donation, spend time to check out the sender before sending any money.  Sometimes this may come in the form of people collecting money to help doctors and nurses on the front lines.  Sometimes, scammers may claim to be a hospital caring for a sick relative of yours and asking for you to help cover their hospital expenses.  

Scammers are everywhere, and they are working hard to trick you and get your information and money.  Following your intuition, checking out messages, and being cautious may prevent a big headache.  


Links for more information:
https://www.bleepingcomputer.com/news/security/phishing-attack-says-youre-exposed-to-coronavirus-spreads-malware/

If you want Covid-19 information, try these:
NIH - https://www.nih.gov/health-information/coronavirus
CDC - https://www.cdc.gov/coronavirus/2019-ncov/cases-updates/summary.html
Maryland Department of Health - https://coronavirus.maryland.gov/
Virginia Department of Health - http://www.vdh.virginia.gov/coronavirus/

]]> Any good scam, electronic or otherwise, works best when the victim is outside of their normal patterns of life.  A phishing scam has been circulating that claims that you have been exposed to... https://beta.my.umbc.edu/api/v0/pixel/news/91940/guest@my.umbc.edu/c4f9e1605c98197ef1b3d52aa81d8a77/api/pixel covid19 IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Tue, 07 Apr 2020 17:05:44 -0400 Fake Advertisements and CDC References Just because it's on the web or offered doesn't make it real
The Digital Citizens Alliance (DCA) has issued a report on the presence of advertisements for medical supplies, including a vaccine for Covid-19 (as of 4/7/2020 there is no such vaccine).   These advertisements frequently appear on YouTube and try to add authenticity to their design by including a link to the website of the Center for Disease Control (CDC).   Advertising a non-existent product is a pretty clear tip-off that something is wrong, but some vendors may offer things that actually exist, such as surgical masks.  It is also important to note that even if a vendor offers a real product on their website, it doesn’t mean they have any in stock to ship to you.  

After contacting some of the vendors,  the DCA noted other peculiarities.  One vendor, for instance, refused payment by credit cards but offered to accept other payment methods such as PayPal, gift cards, and BitCoin.  Generally, purchasing with credit cards is safer than using many other payment methods.  Most credit cards provide purchase protection against many forms of fraud and allow you to dispute charges when you don't receive an item or the wrong amount is charged.  

The CDC link under the videos was valid and took the viewer to the latest information from the CDC.  The concern is that people may take this link as some sort of certification by the CDC.  Please note that anyone can insert a link to anything on their website, and the presence of a link on a a web page does not indicate a relationship, certification, or endorsement.  Links to trusted institutions are useless for authentication.

For more information, please check out:  
https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/DCA_Corona_YouTube_Vaccines.pdf

]]> The Digital Citizens Alliance (DCA) has issued a report on the presence of advertisements for medical supplies, including a vaccine for Covid-19 (as of 4/7/2020 there is no such vaccine).   These... https://beta.my.umbc.edu/api/v0/pixel/news/91934/guest@my.umbc.edu/63968b8e7d3a7780c81cc9ff76aa62a0/api/pixel covid19 IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Tue, 07 Apr 2020 14:36:26 -0400 Tue, 07 Apr 2020 14:44:49 -0400 Phishing Email Impersonations Several High Profile Administrators Impersonated
DoIT has been made aware of several new phishing emails from the weekend:

From: Dean Drake <ddrake.umbc.edu@gmail.com>
    Date: Sat, Apr 4, 2020, 2:45 PM
    Subject: Re: Quick One
    To: < @umbc.edu>
    
    --
    Hello,are you available?
    
    Dean Drake
    Associate VP Research
    Research Administration
    Information Technology & Engineering, Room 219

Messages have also been received from the following addresses:
These are all the same type of scam. If the recipient responds, they will receive another message asking to purchase gift cards, and to send the relevant gift card information back to the scammers. These messages often include publicly available directory information to appear more legitimate, though the From address in this case is actually from gmail.com.

If you receive one of these messages, do not respond or reply. Forward the message to security@umbc.edu, and delete the message.

For more information on spotting phishing messages and handling spam, please check out our FAQ: https://wiki.umbc.edu/x/HwMxAg
]]> DoIT has been made aware of several new phishing emails from the weekend: From: Dean Drake <ddrake.umbc.edu@gmail.com> Date: Sat, Apr 4, 2020, 2:45 PM Subject: Re: Quick One To: <... https://itsecurity.umbc.edu https://beta.my.umbc.edu/api/v0/pixel/news/91857/guest@my.umbc.edu/6989ca5b3b159f964fd02054b15986bc/api/pixel notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT https://assets2-beta.my.umbc.edu/system/shared/thumbnails/news/000/091/857/e28fbf78474e81cf5246e15a4097f6ba/xxlarge.jpg?1586185724 https://assets2-beta.my.umbc.edu/system/shared/thumbnails/news/000/091/857/e28fbf78474e81cf5246e15a4097f6ba/xlarge.jpg?1586185724 https://assets1-beta.my.umbc.edu/system/shared/thumbnails/news/000/091/857/e28fbf78474e81cf5246e15a4097f6ba/large.jpg?1586185724 https://assets3-beta.my.umbc.edu/system/shared/thumbnails/news/000/091/857/e28fbf78474e81cf5246e15a4097f6ba/medium.jpg?1586185724 https://assets3-beta.my.umbc.edu/system/shared/thumbnails/news/000/091/857/e28fbf78474e81cf5246e15a4097f6ba/small.jpg?1586185724 https://assets1-beta.my.umbc.edu/system/shared/thumbnails/news/000/091/857/e28fbf78474e81cf5246e15a4097f6ba/xsmall.jpg?1586185724 https://assets4-beta.my.umbc.edu/system/shared/thumbnails/news/000/091/857/e28fbf78474e81cf5246e15a4097f6ba/xxsmall.jpg?1586185724 0 0 true Mon, 06 Apr 2020 11:13:56 -0400 Mon, 06 Apr 2020 11:15:43 -0400 Fake DocuSign Phishing Message Look out for fake DocuSign Messages

Yesterday morning, between 8:45am and 10:00am, several UMBC users received DocuSign messages offering access to a document called “News Update.pdf” with a button labeled “View Document Now”.  


The From address of the email “dse_docusign2@docusign.umbc.edu” was forged.  This message did not originate from the UMBC’s DocuSign system.  It is, however, an unusually good design for a phishing attack.


In the current work climate, it is easy to overlook unusual features of messages we get in our UMBC email inboxes.  We are also using tools, like Docusign, more than ever. There are people who will try to take advantage of that. While the source of this message is currently under investigation, DoIT wanted to share some of the key features of this message that raise suspicions about its origin.



Example of Malicious DocuSign Forgery:





In the example above there are some tell-tale signs that should raise suspicions.  


  • The message begins with the salutation “DocuSign,” and is from “The DocuSign Team”.  They seem to be addressing themselves.

  • There is no “DocuSign Team”.  DocuSign notifications are from UMBC staff.

  • The From: header in the upper left says “dse_docusign2@docusign.umbc.edu”.  In an actual docusign message, that header would be something like “Andy Johnston via DocuSign <dse_na2@docusign.net>

  • DocuSign message subjects normally start with the words “Please DocuSign”.  This one does not.

  • The point of DocuSign is to be able to verify, by signing, that you have received a document.  There is no reason to do that for a news update. UMBC News is sent out in regular email messages.

Did You Click on the Button?

If you are one of the people who got this message and clicked on the button, you should have gotten this message:



If you selected ‘Proceed’, you would probably have gotten a message that the page was unreachable or the link was invalid.  If you got anything else, please submit a ticket to security@umbc.edu so that we can contact you. ]]> Yesterday morning, between 8:45am and 10:00am, several UMBC users received DocuSign messages offering access to a document called “News Update.pdf” with a button labeled “View Document Now”.  ... https://beta.my.umbc.edu/api/v0/pixel/news/91736/guest@my.umbc.edu/815dcbac850730795560e529bbcf3828/api/pixel covid19 notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Tue, 31 Mar 2020 16:35:38 -0400 Tue, 31 Mar 2020 16:36:06 -0400 Home Network Security As we all work and study at home, we need to stay secure.
If you are part of the UMBC community and are reading this in the spring of 2020, then you are very likely working and/or teaching and/or learning from home over the Internet.  In most cases, you have an Internet provider such as Comcast or Verizon and you have a router in your home to connect to them.  The router is your gateway to the Internet.  It is also the Internet’s gateway to you. (See links below for information about  recently discovered vulnerabilities in home routers.)

The Basics
For most people, the home router does two things.  
  1. It creates a small network that your devices can access either through WiFi or through a cable physically connected to the router.
  2. It also connects that little network to your provider and, through them, to the Internet.
Your router comes out of the box pretty much ready to go to work for you, but it’s not usually as secure as it could or should be.  There are a number of settings, especially in older routers, that should be verified or changed to make sure that:
  • No one joins your small home network without your knowledge and permission.
  • No one out on the Internet can tell the router to behave in ways you don’t want it to.
How you view and change these settings will vary with the make and model of your router.  There are some links at the end which may help you, but your best bet is to get the make and model of your router (usually printed on the back or the bottom) and search for them on Google, Bing, or some other search service.  Include terms like “setup”, “manual” and “secure”.  Try to use a site belonging to the router’s manufacturer.  (You will probably be accessing your router through a web browser on your home network.)

Here is an initial to-do list:
  • Secure your wireless connection
    • This is the connection between your wireless devices (laptop, tablet, etc.) and your router on the “small network” in your house.  Make sure encryption is enabled and set to WPA2 or WPA3.  If there is an option for WPS encryption, disable it if possible.  If not possible, consider getting a new router.
  • Change the router’s administrative password
    • There are two different passwords associated with your router.  There’s your WiFi password that is entered in every device on your home WiFi network, and there’s that administrative password that you use to go into your router to view and change its settings.  Modern routers often come with pre-set WiFi passwords.
  • Update your router’s firmware
    • If you’re a Windows user, you have dealt with software updates since you first booted the machine.  This is much the same.   Precisely how you update your router depends on its make and model. If your router has an auto-update feature, you should probably use it.
  • MAC filtering
    • This is not about Apple computers.  Each wifi device, that connects with your router, no matter what kind of device it is, has a unique MAC address that you normally don’t see but can discover.  This allows you to refuse access to all devices other than those whose MAC addresses you explicitly ‘whitelist’ (allow) in your router.  If you’re comfortable doing this, consider implementing it..  WARNING: There’s a security vs. convenience trade-off here. You will have to whitelist every new device that you want to appear on your home network.  
  • If your router has a ‘remote management’ setting, turn it off.

Links for more information:
Links for more information about recently discovered vulnerabilities in home routers:

]]> If you are part of the UMBC community and are reading this in the spring of 2020, then you are very likely working and/or teaching and/or learning from home over the Internet.  In most cases, you... https://beta.my.umbc.edu/api/v0/pixel/news/91732/guest@my.umbc.edu/5359b0cf8623ce3a26a5ae8ef53ac62d/api/pixel covid19 notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Tue, 31 Mar 2020 16:16:36 -0400 Telework Security Resources Here are some good resources for securing your telework... More people throughout the United States are teleworking now, including many who have never done so before.  The UMBC community is no exception as many of us work, learn and teach from our keyboards.  All this remote work is opening up new avenues of exploitation for unscrupulous scammers.  DoIT will be posting resources and suggestions to help you maintain security as more of your life moves on-line.

The SANS Institute is offering the SANS Security Awareness Work-from-Home Deployment Kit.

As part of the kit, SANS has posted a five-step guide to teleworking security.  You can find it (in several languages) here:

LinkedIn is offering registered users several LinkedIn Learning courses that focus on being productive while working from home, including tips on using virtual meeting tools to build relationships in a new working environment. 

NIST has posted a well-designed graphic to help organizations secure conference calls.

INFOSEC has published an article that discusses remote working security, including a brief description of VPN technology.

The National Cyber Security Alliance (NCSA) has posted the “COVID-19 Security Resource Library” of security links for teleworkers.

]]> More people throughout the United States are teleworking now, including many who have never done so before.  The UMBC community is no exception as many of us work, learn and teach from our... https://beta.my.umbc.edu/api/v0/pixel/news/91731/guest@my.umbc.edu/5953a0b0826f029855bc77da1d65b6e8/api/pixel covid19 notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Tue, 31 Mar 2020 15:47:52 -0400 Tue, 31 Mar 2020 15:48:15 -0400 Unexpected Calendar Invites and Meeting/Class Messages Beware of Unexpected Calendar Invites and Meeting Messages As we have all begun to work and attend classes remotely, we are receiving more and more meeting messages and calendar invites.  Almost all of these messages and calendar entries include links to Webex, Google Hangouts, or Blackboard Collaborate sessions.  

Email messages can be easily faked and anyone can send a calendar invitation that could pop up on your google calendar.  Neither email nor Google Calendar validate the identity of the sender of a message or invite.  It is essential that we be on the lookout for hackers potentially sending fake messages for meetings/classes and calendar invites with links that could include malware.  

Some signs to look out for include:
  • A meeting/class or calendar entry that you did not expect.
  • An invitation or meeting/class message from outside of UMBC.
  • A meeting/class on a service other than Webex, Google, or Blackboard Collaborate.
  • A meeting/class at a strange time.
  • An unusual list of guests for meetings/classes you typically attend.
Also, please be wary of messages with poor grammar, punctuation, spelling, or other telltale signs of phishing.  See our FAQ Collection for more details on spotting spam and phishing.  Phishing & Spam

As always, if a message or calendar invite looks suspicious, please contact the meeting host or professor directly to validate the meeting before clicking on the meeting link.  

If you see a suspicious meeting/class related message or calendar entry, please notify security@umbc.edu immediately.  
]]> As we have all begun to work and attend classes remotely, we are receiving more and more meeting messages and calendar invites.  Almost all of these messages and calendar entries include links to... https://beta.my.umbc.edu/api/v0/pixel/news/91621/guest@my.umbc.edu/f98a8ddcd68e5c2797c5444edb881d92/api/pixel covid19 notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Fri, 27 Mar 2020 00:45:09 -0400 COVID-19 Insurance Scams Beware of Insurance Scams
There are many efforts underway to steal information and money through insurance scams.  Some of the recent scams involve:
  • Fake "corona" insurance,
  • Bogus calls warning that your health insurance was cancelled,
  • Offers of all sorts of coronavirus medications,
  • Robocalls offering "special virus test kits" and asking for Medicare numbers, SSNs, insurance information, and other medical information, and
  • Fake coronavirus travel insurance.
As mentioned in the article:

Caution is your best corona vaccine:
  • Never give out your personal info unless you requested. This includes medical, healthcare policy, SSN, credit or other info to a stranger or robocall. It’s a scam.
  • Don’t click on emails, attachments, weblinks or social-media posts unless they’re from people or organizations you know.
  • Hang up on recorded robocalls or live callers pitching low-cost insurance, or who ask for your personal information unsolicited.
  • Don’t click on links from unknown sources in a text message or e-mail. The links could download viruses or malware.
  • Ignore online offers for vaccinations. There currently are no vaccines, pills, “organic” or other prescription or over-the-counter products for coronavirus.
Article:  https://www.insurancefraud.org/blog/mar-2020/lets-vaccinate-against-corona-insur
]]> There are many efforts underway to steal information and money through insurance scams.  Some of the recent scams involve: Fake "corona" insurance, Bogus calls warning that your health... https://beta.my.umbc.edu/api/v0/pixel/news/91620/guest@my.umbc.edu/61da533e61dcc6bbb00baaddf6eabd8a/api/pixel covid19 notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Fri, 27 Mar 2020 00:16:15 -0400 Fri, 27 Mar 2020 00:18:49 -0400 Fraudulent Requests for Medicare Information and $1000 Offer Don't Give out Information or Fall for Unreal Offers

The South Florida Sun-Sentinel reports a warning from the Florida Attorney General about recent COVID-19 scams.  In one case, ”a 90-year-old woman was asked for her Medicare number so she could receive a free COVID-19 testing kit”.  In another, people received unsolicited text messages asking them to click a link for a $1000 support payment. See the following news article for details: COVID-19 scams prompt statewide warnings


If you receive an unsolicited call, email message, or text message asking for personal information or making an offer that is too good to be true, don't respond. Contact the organization making the request or offer directly and make sure the request or offer is valid.


Please report all scams to security@umbc.edu.




 ]]> The South Florida Sun-Sentinel reports a warning from the Florida Attorney General about recent COVID-19 scams.  In one case, ”a 90-year-old woman was asked for her Medicare number so she could... https://beta.my.umbc.edu/api/v0/pixel/news/91619/guest@my.umbc.edu/aa8400e83d4f4ede952e17e8354a7b06/api/pixel covid19 notice IT Security - DoIT Cybersecurity Assurance and Digital Trust https://beta.my.umbc.edu/groups/itsecurity https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216 https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216 https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216 IT Security - DoIT 0 0 true Thu, 26 Mar 2020 23:57:22 -0400 Fri, 27 Mar 2020 00:19:07 -0400