Fake COVID-19 Giftcards
If an offer seems too good to be true, it probably is...
For several days, there have been reports of fake gift cards supposedly distributed by Starbucks, Lowes, and Walmart as an ‘apology’ for closing their stores due to social distancing requirements. The Starbucks messages include the offer of a $100 gift card.
If a person clicks on the link in the email message, the person will be taken to a page that will ask for their personal information. Any information that is submitted will be sent to scammers. Malware will also often be installed onto the person's computer.
If an offer seems too good to be true, it usually is. When something seems suspicious, the best thing to do is to contact the company directly to ask if the offer is valid. In the case of Starbucks, you can check the Starbucks app, contact the corporate customer service center, or contact a local store.
For more details, see the following websites:
]]>
For several days, there have been reports of fake gift cards supposedly distributed by Starbucks, Lowes, and Walmart as an ‘apology’ for closing their stores due to social distancing...
https://beta.my.umbc.edu/api/v0/pixel/news/91617/guest@my.umbc.edu/18e95940ddd9459e74d6281278190ea8/api/pixel
covid19
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Thu, 26 Mar 2020 23:35:39 -0400
Thu, 26 Mar 2020 23:46:28 -0400
US DOJ Tracking COVID-19 Scams
The US DOJ has a Coronavirus Fraud Task Force
The US Department of Justice has created a task force to track scams related to COVID-19. The following web page lists many of the types of scams they are tracking: COVID-19 Fraud If you see or are the victim of a scam, please report it to security@umbc.edu and the US DOJ or FBI. Instructions for reporting scams to the DOJ and FBI are listed on the website above.
From the DOJ Web Page:
The Task Force is working to keep the public safe from fraud and scams. Some examples of COVID-19 scams include:
- Treatment scams: Scammers are offering to sell fake cures, vaccines, and advice on unproven treatments for COVID-19
- Supply scams: Scammers are creating fake shops, websites, social media accounts, and email addresses claiming to sell medical supplies currently in high demand, such as surgical masks. When consumers attempt to purchase supplies through these channels, fraudsters pocket the money and never provide the promised supplies.
- Provider scams: Scammers are also contacting people by phone and email, pretending to be doctors and hospitals that have treated a friend or relative for COVID-19, and demanding payment for that treatment.
- Charity scams: Scammers are soliciting donations for individuals, groups, and areas affected by COVID-19.
- Phishing scams: Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails designed to trick recipients into downloading malware or providing personal identifying and financial information.
- App scams: Scammers are also creating and manipulating mobile apps designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information.
- Investment scams: Scammers are offering online promotions on various platforms, including social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure COVID-19, and that the stock of these companies will dramatically increase in value as a result. These promotions are often styled as “research reports,” make predictions of a specific “target price,” and relate to microcap stocks, or low-priced stocks issued by the smallest of companies with limited publicly available information.
The Better Business Bureau has has a website that tracks scams and fraud. BBB Scam Tracker
The Scam Tracker lists information about scams in general, but also has a section about COVID-19 scams. For the full list, please visit the BBB website. Example of scams the BBB is tracking include:
Price Gouging: Ex: Selling $10 health products for $79.99
Fraudulent Products: Ex: Ineffective face masks
Impersonating Officials: Ex: Requesting personal information by posing as an employee of “US Health Care”
Don't fall victim to these attempts to take advantage of vulnerable people. If you do come across a scam, please report it to security@umbc.edu. You can also report it to the BBB through their scam tracker website.
]]>
The Better Business Bureau has has a website that tracks scams and fraud. BBB Scam Tracker The Scam Tracker lists information about scams in general, but also has a section about COVID-19...
https://itsecurity.umbc.edu/covid19
https://beta.my.umbc.edu/api/v0/pixel/news/91572/guest@my.umbc.edu/38ed8ba177b7f58c4c496c9ddcf18902/api/pixel
covid19
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Wed, 25 Mar 2020 12:35:39 -0400
Thu, 26 Mar 2020 22:57:09 -0400
Fake COVID-19 (Coronavirus) Apps
Beware of Fake Coronavirus Smartphone Apps
An Android app, advertised as a coronavirus tracker, mimics the display of the Johns Hopkins Coronavirus Research Center main page but also installs spyware into the phone.1
A similar app was offered from a malicious site that mirrored live data from a legitimate website and added a banner urging viewers to download the malware. If a person was tricked into downloading the malware, the malware would lock the person's phone and present the user with a ransom demand.2
- https://www.forbes.com/sites/thomasbrewster/2020/03/18/coronavirus-scam-alert-covid-19-map-malware-can-spy-on-you-through-your-android-microphone-and-camera/#5857d81c75fd
- https://abcnews.go.com/US/online-scammers-target-vulnerable-internet-users-coronavirus-outbreak/story?id=69675134
]]>
An Android app, advertised as a coronavirus tracker, mimics the display of the Johns Hopkins Coronavirus Research Center main page but also installs spyware into the phone.1 A similar app was...
https://itsecurity.umbc.edu/covid19
https://beta.my.umbc.edu/api/v0/pixel/news/91569/guest@my.umbc.edu/ce3ecf899a5763393224826c8ad4bf6d/api/pixel
covid19
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Wed, 25 Mar 2020 11:57:09 -0400
Thu, 26 Mar 2020 23:00:36 -0400
Phishing Email Impersonates Dr. Hrabowski
Beware of Obvious Signs of Phishing
A new phishing email has been hitting inboxes recently:
Date: Mon, 23 Mar 2020 16:07:19 +0300
From: President Edu
hello good day, let me know when you are available. there is something
i need you to do. i am stuck in a seminar right now, kindly drop your
cellphone number to send text messageFreeman A. Hrabowski III
President
|
This is not a very well-crafted message. Some things to note:
The timezone on the Date, +0300, suggests that the message originated in Eastern Europe, East Africa, or the Arabian Peninsula.
The From header says “President Edu” which is not Dr. Hrabowski’s name.
The email address that the message was sent from does not come from umbc.edu.
The recipient is asked to provide a cell phone number for a text message. Why not just say what needs to be said in the email and provide a cell phone number for the reply?
The capitalization, punctuation, grammar are not professional or proper.
This type of phishing message has become common. If the recipient responds, they will receive a text message asking them to purchase gift cards, and send the relevant gift card information back to the scammers. Messages like this are sometimes texted directly to people’s phones at random. If the gift card information is sent to the scammer, the scammer will immediately drain the money from the gift card, and the money will be gone.
If you receive one of these messages, do not respond or reply. Just forward the message to security@umbc.edu and delete the message.
For more information on spotting phishing message and handling spam, please check out our FAQ: Phishing & Spam
]]>
A new phishing email has been hitting inboxes recently: Date: Mon, 23 Mar 2020 16:07:19 +0300 From: President Edu hello good day, let me know when you are available. there is something i...
https://itsecurity.umbc.edu
https://beta.my.umbc.edu/api/v0/pixel/news/91548/guest@my.umbc.edu/163b4b5742cd76ae50f18c0762bdf279/api/pixel
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Tue, 24 Mar 2020 16:26:48 -0400
Thu, 26 Mar 2020 23:10:09 -0400
Work from Home Email Scam
Something smells a little phishy...
Here is the content of a likely phishing message:
Name of Company:
Asics
JOB TITLE:
Get Paid to Drive
JOB DESCRIPTION:
We seek interested applicants to go about their normal routine with the
advert of the World Athletics Championships OREGON 21 Logo IAAF on their
Car
Qualifications:
Must have a Car, Truck, Van or Motorcycle.
SALARY:
$300 weekly including $50 for gas
For more information interested Candidates should contact:
getpaidtodrive@wrapvertise.org with their personal email.
Micheal Manley
Hiring Coordinator/Logistic Supervisor
|
While we cannot guarantee that this is a scam, we encourage anyone interested by this advertisement to read https://www.asics.com/us/en-us/consumer-alert.html and to contact the company at the email address they provide: aac-PR@asics.com .
]]>
Here is the content of a likely phishing message: Name of Company: Asics JOB TITLE: Get Paid to Drive JOB DESCRIPTION: We seek interested applicants to go about their normal routine with...
https://itsecurity.umbc.edu
https://beta.my.umbc.edu/api/v0/pixel/news/91523/guest@my.umbc.edu/0e519a85d9a7840b3f948fa0f984e0c8/api/pixel
notice
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
1
0
true
Mon, 23 Mar 2020 20:08:29 -0400
Tue, 24 Mar 2020 16:31:25 -0400
Spear Phishing Attacks On The Rise
Community members being targeted for gift card scams
The DoIT Security Group has received reports of a phishing scam targeting the UMBC community. Please be aware that hackers are sending these email messages to students, faculty, and staff.
The phishing email contents are similar to the following:
---------------------------------------------------------------
Subject: On Campus and Available?
To:
Are you available?I need you to handle something for
me Now, i'm currently in a meeting with the International
Advisory Committee (IAC) with limited phone call
( phone got broken) and also experiencing some
difficulties at the moment, just reply to my e-mail as
soon as you get this. Are you available?
Best Regards
(Academic Department Chair)
University of Maryland Baltimore County
1000 Hilltop Circle
Baltimore, MD 21250
Sent from my iPad, please excuse any typos or
strange auto-corrections”
---------------------------------------------------------------
There are many characteristics that raise suspicions that this is a phishing email; for example, the vague nature of the email content and poor grammar are red flags. Also, the unrelated nature of the email should be an initial giveaway.
However, the biggest concern is the hacker posing as a trusted entity. In this email, they use a specific form of phishing known as spear phishing to target specific members of the UMBC community. Attackers often gather information about organizations in order to make their phishing scams more personal and believable. Here, the hacker impersonates a number of UMBC personnel in order to target staff within the corresponding departments from the impersonated individuals.
The best defense against spear phishing is vigilance. If you receive this email, please be aware of its malicious nature and do NOT reply to it. Replying to this email could further engage the hacker in hopes that you’ll reveal sensitive information that could compromise your online and physical safety.
For more information regarding phishing and spam FAQs, please see the PHISHING/SPAM FAQS section of
itsecurity.umbc.edu.
Read more here:
]]>
A new ransomware called 'MegaCortex" is hitting enterprise firms in the US and Europe demanding millions of dollars through blackmail and encryption. Read more here:...
https://beta.my.umbc.edu/api/v0/pixel/news/85700/guest@my.umbc.edu/cc8a9b3a1fddc8b1a490ce92291c9d26/api/pixel
it
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Mon, 05 Aug 2019 08:54:20 -0400
U.S. Indicts for Phishing Campaign Targeting Colleges
Retrieved from SCMagazine - By: Bradley Barth
The DOJ indicted three people on multiple charges regarding phishing scams that targeted college employees, banks and other businesses.
Read more here:
]]>
The DOJ indicted three people on multiple charges regarding phishing scams that targeted college employees, banks and other businesses. Read more here:...
https://beta.my.umbc.edu/api/v0/pixel/news/85659/guest@my.umbc.edu/46dfc90aaea9a303246c8c2391f2a929/api/pixel
it
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Thu, 01 Aug 2019 14:39:01 -0400
Thu, 01 Aug 2019 14:41:34 -0400
Capital One Data Breach Hits More than 100 Million People
A woman hacked into Capital One systems; accessing sensitive information such as credit reports and social security numbers of about 140,000 people. The breach affected more than 100 million people in the U.S. and Canada.
Read more here:
]]>
A woman hacked into Capital One systems; accessing sensitive information such as credit reports and social security numbers of about 140,000 people. The breach affected more than 100 million...
https://beta.my.umbc.edu/api/v0/pixel/news/85630/guest@my.umbc.edu/dd66240bde43368a251cba0ec0092033/api/pixel
it
IT Security - DoIT Cybersecurity Assurance and Digital Trust
https://beta.my.umbc.edu/groups/itsecurity
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/original.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxlarge.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xlarge.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/large.png?1777162216
https://assets4-beta.my.umbc.edu/images/avatars/group/7/medium.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/small.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xsmall.png?1777162216
https://assets1-beta.my.umbc.edu/images/avatars/group/7/xxsmall.png?1777162216
IT Security - DoIT
0
0
true
Tue, 30 Jul 2019 15:07:50 -0400