Smartphone Insight has published a handy guide with step-by-step instructions to protect your IoS or Android phone data. With these 17 tips, your device will continuously be up to date. In addition, you will see the cool tricks and tips available on your phone to help encrypt your phone data, best practices to use while in public, and how to secure your data and phone while browsing the internet.

 To read the guide visit: https://smartphoneinsight.com/how-to-keep-your-phone-secure/

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

On September 13, 2021, the domain registrar and web hosting company, Epik, suffered a data breach. This breach contained data for approximately 15 million Epik and non-Epik customers. Allegedly, this was done in retaliation for hosting alt-right websites. The information included email addresses, names, phone numbers, geographical addresses, purchases, and WHOIS records.

The compromised accounts were subsequently made public.  Fifty-three UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have an Epik account, please contact them to see if you have been affected by this breach.

To see if you were involved in any other breach, visit: https://haveibeenpwned.com/.

More about Epik data breach:

https://amp.cnn.com/cnn/2021/09/21/politics/anonymous-epik-hack/index.html

If you have any questions or concerns, email us at: security@umbc.edu.

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Email scams generally try to create a sense of urgency, often around money.  They either threaten the recipient with imminent financial loss or offer the promise of immediate financial gain as long as the recipient acts quickly.  This scam takes a more subtle approach by suggesting that the recipient has been confused with some company that can supply a product that Mr. Avila is looking for.  A supposed purchase order is attached and the recipient might well consider looking at it for more information.

Once downloaded and clicked, the attachment displays a web page asking for a username and password.  Whatever is entered, the user will get a message that the entry is invalid.  In the meantime, the entered information will be stored on a remote server (in Nigeria in this particular instance).  Eventually, that server will accumulate a list of account/password pairs from people all over the world.

The moral is: If you aren’t sure what’s in it, don’t click it!

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit:https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit:https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Example 1

Example 2

Example 3

Whenever you receive such emails, always try and verify with the senders on an entirely different email if you know them. Feel free to always send the message to us to validate the email.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit:https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

_________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit:https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

In September 2020, a Portable Document Format(PDF) file and digital document service, Nitro, suffered a data breach. This breach contained data for approximately 78 million customers and was exposed online. The customer information included names, passwords and the titles of documents. No financial information was leaked.

 1,440 UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a Nitro account, please contact them to see if you have been affected by this breach. To see if you were involved in any other breach, visit: https://haveibeenpwned.com/.

More about Nitro data breach:

https://infosec.berry.edu/2021/01/19/data-breach-notification-nitro-pdf/#:~:text=In%20September%20of%202020%20there%20was%20a%20breach,or%20vikings.berry.edu%20email%20address%20 included%20in%20the%20 breach.

If you have any questions or concerns, email us at: security@umbc.edu.

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

In June 2018, an online fashion website, Romwe, suffered a data breach. This breach has data for approximately 20 million customers. The data was sold online. The customer information includes names, email addresses, IP addresses, physical addresses, phone numbers, and passwords. No financial information was leaked.

229  UMBC accounts were potential victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a Romwe account, please contact them to see if you have been affected by this breach. To see if you were involved in any other breach visit:https://haveibeenpwned.com/.

More about Romwe data breach:

https://us.romwe.com/datasecurityFAQs-a-1039.html?SASSource=cjunction&affiliateID=100357191_5250933&url_from=cj.com&cjevent=dd0a33c1077f11ec804300290a82b82d

If you have any questions or concerns, email us at:security@umbc.edu.

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Vendor Breaches and Account Compromises

Internet vendors will, at times, suffer data breaches.  Sometimes the service will attempt to contact it’s account holders and other times it won’t.  Often, after some time has passed, the malicious actors who stole the original data or others who have acquired it in the meantime will release it publicly.  UMBC’s Division of Information Technology (DoIT) subscribes to a service called HaveIBeenPwned which looks for such public releases and searches them for email addresses ending in @umbc.edu.

For example, if you registered for a member’s discount card with Giant Food or signed-up for online banking and entered your email address as myname@umbc.edu,  DoIT may receive notification if a publicly released breach included that email address.  This does NOT automatically mean that your UMBC account was compromised.  If you use a different password on your Giant account than you use on your UMBC account, then your UMBC account is still secure.

If DoIT determines that your UMBC account has been compromised (or if we are unable to determine that it hasn’t), your password will be replaced with a random string of text.  You will also receive email in your Password Reset Email account (not your primary UMBC account) notifying you of the password change. 

DoIT has no way of knowing what the new randomized password is, but you can recover access to your account by going to the MyUMBC login page and selecting “Forgot your password?” (see image below).  You will then need to answer the security questions you set up for your account.  After answering correctly, a link will be sent to your designated Password Reset Email account.  If you have trouble with this, the Technology Support Center (https://doit.umbc.edu/tsc/, 410-455-3838) can assist you.

Recently, DOIT received an email from a compromised account at North Central Kansas Technical College(NCKTC) impersonating Dr Hrabowski. The email consisted of a Microsoft word document titled “EVALUATION FORM.” Below is a copy of the email. We removed the name of the NCKTC user and the To field for privacy reasons.

The link for the email will take you to the EVALUATION FORM document. See below to look inside the Word docs. 

This link will ask you to sign in to your Microsoft account to view a file/form that the compromised account shared on One Drive. DO NOT CLICK ON ANY OF THE LINKS IN THE EMAIL OR THE DOCS. However, if you have done so already, please contact us immediately atsecurity@umbc.edu. 

A lot of phishing emails contain a link that asks the recipients to sign into their accounts. Whenever you receive such emails, always try and verify with the senders on an entirely different email if you know them. Feel free to always send the message to us to validate the email.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently, DOIT received multiple reports of suspicious messages about student loans from email addresses with the format <emails@alert###.info>. The recipients of these messages marked them as phishing, but on careful investigation, we realised that these were legitimate. We therefore classified these messages as spam instead of phishing. 

According to Phishing.org, “[p]hishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.” A third party company, CollegeLoans, sent these messages on behalf of these loan companies. Therefore, they are not malicious or criminal; instead, they are commercial. 

Nonetheless, you might not have subscribed to receive these messages; hence they are spam. According to Cisco.com, “[s]pam is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list. Typically, ...sent for commercial purposes.” These emails are advertisements. They target university students since people in this demographic may need help covering tuition costs. 

As mentioned earlier, these loan messages or advertisements originated from the third party company, CollegeLoan. This company is located in Puerto Rico. When you click on the link in the email, they will earn a commission whether or not you apply for the loans. It is business. It’s email marketing. 

CollegeLoans sends out links on behalf of the following companies:

• Sallie Mae Smart Student Loan

• Discover Undergraduate Loan

• Credible Student Loan

• Earnest Student Loan

• College Ave Student Loan

• CommonBond Student Loan

We were also suspicious because clicking the link might take the reader to Amazon.com rather than the advertised site.  Among the information webservers can collect when you click is something called a User-Agent-String.  This string helps the website determine the version of the browser you are using in order to avoid trying to perform advanced functions on old browsers.   Bad actors may use this feature to hide from browsers commonly used to analyze malicious sites. However, we determined that the link is not malicious. 

We are not sure of the reason that CollegeLoans chose to use browser detection. However, it is not uncommon for developers/companies to add this feature to their code/applications. According to  MDN web Docs, using a browser detection would depend on one of the following:

• If you are trying to work around a specific bug in some version of a browser.

• If you are trying to check for the existence of a particular feature.

• If you want to provide different HTML depending on which browser.

Source:

https://www.phishing.org/what-is-phishing

https://www.cisco.com/c/en/us/products/security/email-security/what-is-spam.html#:~:text=Spam%20email%20is%20unsolicited%20and,botnets%2C%20networks%20of%20infected%20computers.

To read more about user agents, visit https://towardsdatascience.com/the-user-agent-that-crazy-string-underpinning-a-bunch-of-analytics-86507ef632f0.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.