Recently, the Division of Information Technology(DoIT) received multiple reports of job phishing emails. The scammers sending these emails are impersonating Professor Alan Sherman in the Computer Science Department. Below is an example of the email. For privacy purposes, we removed the To field.

Please note that Professor Sherman did not send these messages. Two visible red flags in these emails are:

1. The From address is not a UMBC email. In the example above, if the Computer Science Department or Prof. Sherman were sending this email, the From address would have been a UMBC email address. However, it was sent from <dmoor105@gmail.com>, which is not a UMBC affiliate. However, please note that the email could have been spoofed, even if it appears to originate from a UMBC email. Therefore, always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a completely different email when you see a conflict in the address.

1. Phone number.  A lot of scammers will ask for your number. If their number gets reported, they could easily get a new one. The same can be said for an email address; however, they will lose responses from other phishing email recipients if their email is blocked. If you ever receive a job offer asking for a phone number in general,  BE SUSPICIOUS!

2. The email template. This template is very common. After a quick Google search, we found three Job scams articles with the same template. So if you are ever in doubt, GOOGLE IT! UMBC will not use a known phishing template to offer you a job opportunity.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently, the UMBC Division of Information Technology(DoIT) received multiple reports of job phishing emails from a compromised UMBC account. The phishers are pretending to offer an Administrative Assistant job. Below is an example of the email. For privacy purposes, we removed the To field.

As mentioned above, the account was compromised. DoIT has secured the account linked with this phishing campaign. THIS JOB OFFER IS NOT REAL! The Career Center did not send this message. Messages from the Career Center do not look like this.

The link in the message takes you to the website below. Once you are on the website, it asks for your name, phone number, email address, and resume. Please do not enter this information on the website.

If you have entered any information on this website, they will likely message you and send you a check. DO NOT DEPOSIT THE CHECK! If you have shared any banking information, CONTACT YOUR BACK IMMEDIATELY!

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

If you need further assistance, please contact us at security@umbc.edu.

__________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently, the Division of Information Technology(DoIT) received multiple reports of job phishing emails. The scammers sending these emails are impersonating Professor Alan Sherman in the Computer Science Department. Below is an example of the email. For privacy purposes, we removed the To field.

Please note that Professor Sherman did not send these messages. Three visible red flags in these emails are:

1. The From address is not a UMBC email. In the example above, if the Computer Science Department or Prof. Sherman were sending this email, the From address would have been a UMBC email address. However, it was sent from <nbrandy609@gmail.com>, which is not a UMBC affiliate. 

2. The sender’s name is Prof.Sherman’s name but Brandy Nicole. This is another giveaway that the professor did not send this email. Please note that the From address can be spoofed easily.  It can even appear to originate from a UMBC email, though in this case the sender did not bother. Always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a verifiable email address when you see a conflict in the email headers. You can look up UMBC faculty and staff email at https://www2.umbc.edu/search/directory.

3. Phone number.  A lot of scammers will ask for your number. If their number gets reported, they could easily get a new one. In general, if you ever receive a job offer asking for your phone number or personal email address,  BE SUSPICIOUS! 

4. Request for response by phone text message.  Why would someone send you a job offer in email and then want a text message in response?  First, because your response gives them your phone number, name, standing (freshman, sophomore, etc.), and department.  This provides a good basis for future identity theft.  Second, because it takes the conversation out of the UMBC mail services, which makes it much more difficult to investigate if/when you report the scam.

5. The email template. This template is very common. After a quick Google search, we found three Job scam articles with the same template. So if you are ever in doubt, GOOGLE IT!  UMBC will not use a known phishing template to offer you a job opportunity.

Think about it.  If someone walked up to you on the street, showed you identification under two or three different names, and then made you this offer, would you take it?

If you have received any message similar to the one listed above, please forward it with its headers to security@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

____________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Please note that Professor Sherman did not send these messages. Three visible red flags in these emails are:

1. The From address is not a UMBC email. In the example above, if the Computer Science Department or Prof. Sherman were sending this email, the From address would have been a UMBC email address. However, it was sent from <admin@umbc.live>, which is not a UMBC affiliate. Notice that the email's name is not registered under  Prof.Sherman’s name but jok hhg. This is another giveaway that the professor did not send this email. Also, please note that the email From address could have been spoofed, even if it appears to originate from a UMBC email. Always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a verifiable email address when you see a conflict in the email headers. You can look up UMBC faculty and staff email at https://www2.umbc.edu/search/directory.

1. Phone number.  A lot of scammers will ask for your number. If their number gets reported, they could easily get a new one. The same can be said for an email address; however, they will lose responses from other phishing email recipients if their email is blocked. In general, if you receive a job offer asking for your phone number or personal email address,  BE SUSPICIOUS!

1. The email template. This template is very common. After a quick Google search, we found three Job scam articles with the same template. So if you are ever in doubt, GOOGLE IT! UMBC will not use a known phishing template to offer you a job opportunity.

1. Request for response by phone text message.  Why would someone send you a job offer in email and then want a text message in response?  First, because your response gives them your phone number, name, standing (freshman, sophomore, etc.), and department.  This provides a good basis for future identity theft.  Second, because it takes the conversation out of the UMBC mail services, which makes it much more difficult to investigate if/when you report the scam.

If you have received any message similar to the one listed above, please forward it with its headers to security@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

1. Change your password immediately. Changing your password is necessary and should be the first step you take to secure your account. This will essentially kick the hackers off of your account.

2. Change your security questions. Even if you changed your password, they could regain access to your account if your security questions are the same.

3. Check your account activity. Often you will see the IP address of the perpetrator. This is very helpful to security; we can use this to identify other compromised accounts. 

4. Notify Security of the breach. By notifying security (security@umbc.edu), we can inform the campus of the breach. In addition, we can make sure the bad guys got kicked off and identify any other changes made to your account during the compromise.

5. Check your reply-to email. Sometimes, after an account was compromised, the Reply-To email is changed, especially if your email was used for spamming. If this change occurs, you will not receive email from your professors or other staff. Instruction for changing your reply to email can be found here: https://www.gmass.co/blog/reply-to-address/#:~:text=Setting%20the%20Reply%2DTo%20in,address%2C%20and%20hit%20Save%20Changes.

6. Install Duo. Duo is UMBC’s second-factor authentication service. With this, no one can access your account unless they have bothyour password and your phone. For more information, visit: https://wiki.umbc.edu/display/faq/Two-Factor+Authentication+with.+DUO

7. Check your other accounts.  If you used the same password on your UMBC account that you have on any other account (online banking, Instagram, Paypal, etc.), you should assume that all accounts using that password are compromised.  This is a good reason to use different passwords in all important accounts..

Hopefully, these tips will help you feel more confident about your account’s security. If you have any questions or concerns, please feel free to reach out to us atsecurity@umbc.edu.

______________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently the Division of Information Technology (DoIT), detected a new phishing campaign targeting the UMBC community. The perpetrators are alerting recipients that their accounts have been disconnected from the umbc.edu server. Below is an example of the message.

Please note that this email is not legitimate. If we realized something was wrong with your account, we would have sent a notification via RT. Also note that the From address is not affiliated with UMBC <matsmoto@msf.biglobe.ne.jp>. The ".jp" at the end means the sender's email provider is in Japan.

If you have received any message similar to the one listed above, please forward it with its headers to security@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently, the Division of Information Technology(DoIT) received multiple reports of job phishing emails. The scammers sending these emails are impersonating Professor Alan Sherman in the Computer Science Department. Below is an example of the email. For privacy purposes, we removed the To field.

Please note that Professor Sherman did not send these messages. Two visible red flags in these emails are:

1. The From address is not a UMBC email. In the example above, if the Computer Science Department or Prof. Sherman were sending this email, the From address would have been a UMBC email address. However, it was sent from <barry01d1@gmail.com>, which is not a UMBC affiliate. Notice that the email's name is not registered under  Prof.Sherman’s name but Barry Melvin's. This is another giveaway that the professor did not send this email. However, please note that the email could have been spoofed, even if it appears to originate from a UMBC email. Therefore, always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a completely different email when you see a conflict in the address.

1. Phone number.  A lot of scammers will ask for your number. If their number gets reported, they could easily get a new one. The same can be said for an email address; however, they will lose responses from other phishing email recipients if their email is blocked. If you ever receive a job offer asking for a phone number in general,  BE SUSPICIOUS!

2. The email template. This template is very common. After a quick Google search, we found three Job scams articles with the same template. So if you are ever in doubt, GOOGLE IT! UMBC will not use a known phishing template to offer you a job opportunity.

Other emails that are sending the same templates:

• talktojameselliot15@gmail.com

• admin@vpn-work.com

• admin@vpn-work.com

• admin@umbc.live

• pamilar001@gmail.com

• jasonharvey001@gmail.com

• mcgerald.collins@gmail.com

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords.

The compromised data was shared in an online hacking forum. Four UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have an Avvo account, please contact them to see if you have been affected by this breach.

To see if you were involved in any other breach, visit: https://haveibeenpwned.com/.

More about Avvo data breach:

https://www.goincognito.co/alert-4101101-breached-accounts-at-avvo-check-your-email-now/

If you have any questions or concerns, email us at: security@umbc.edu.

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Today, UMBC’s Division of Information Technology, DoIT, received a notification of a phishing campaign targeting the College of Natural and Mathematical Sciences (CNMS). The actors claim to provide a Summer Employee Benefit plan. Below is an example of the message.

The recipients of the message appear to have been taken from the CNMS staff directory (https://cnms.umbc.edu/directory/).

Please note that this message appears to have been sent from a compromised account at the Moore College of Art. It is unlikely that anyone at that institution is involved with employee benefits at UMBC.  Alwars examine unexpected or unusual messages carefully for inconsistencies that may indicate fraud.  If you find something questionable, please message with full headers to security@umbc.edu For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

Recently, the Division of Information Technology(DoIT) received multiple reports of job phishing emails. The scammers sending these emails are impersonating professors of the different departments at UMBC. The example below impersonates Professor Hennigan of the Department of Economics. For privacy purposes, we removed the To field.

Please note that the Departments or professors did not send these messages. Two visible red flags in these emails are:

1. The From address is not a UMBC email. In the example above, if the Economics  Department or Prof. Hennigan were sending this email, the From address would have been a UMBC email address. However, it was sent from <barry01d1@gmail.com>, which is not a UMBC affiliate. Notice that the email's name is not registered under  Prof.Hennigan’s name but Barry Melvin's. This is another giveaway that the professor did not send this email. However, please note that the email could have been spoofed, even if it appears to originate from a UMBC email. Therefore, always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a completely different email when you see a conflict in the address.

1. WhatsApp/Phone number.  A lot of scammers will ask for your number. If their number gets reported, they could easily get a new one. The same can be said for an email address; however, they will lose responses from other phishing email recipients if their email is blocked. If you ever receive a job offer asking for a WhatsApp number or a phone number in general,  BE SUSPICIOUS!

2. The email template. This template is very common. After a quick Google search, we found three Job scams articles with the same template. So if you are ever in doubt, GOOGLE IT! UMBC will not use a known phishing template to offer you a job opportunity.

The other professors and departments impersonated using a similar template are:

• Professor Brandy Wallace in the Department of Sociology <menitreksksjjekisodrekssj66@gmail.com>

• Professor Anne E. Brodsky in the Department of Psychology <hollywoodardshop@gmail.com>

• Professor Alan Sherman in the Department of Computer Science <mullerjame65@gmail.com>/<menitreksksjjekisodrekssj66@gmail.com>

• Professor Lisa  Dickson in the Department of Economics <joseplhevans@gmail.com>

• Professor Park Do Hwan the Department: Mathematics and Statistics <joseplhevans@gmail.com>

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.