During the past week, the Division of Technology(DOIT) has received phishing reports of scammers impersonating state-licensed retirement support representatives. Below is an example of such a message. The reporter’s name and email have been removed to protect their privacy.

This message is not legitimate. If you have received this email, DO NOT CLICK THE LINK IN THE EMAIL. The link takes you to the website below. DO NOT FILL OUT THIS FORM.

If you have filled out this form, DO NOT JOIN THE APPOINTMENT.If you have joined the video conference or phone call and provided your financial information to the actors, immediately notify your bank. View our article on Identity Theft to help protect your identity: https://itsecurity.umbc.edu/critical/?id=102139

Forward this email with its headers immediately to security@umbc.edu. Instructions on how to find the email headers can be found below.

The HR Department advises that all valid retirement-related emails are sent from their approved retirement vendors

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

Recently, the Division of Technology(DoIT) has received phishing reports of scammers impersonating state-licensed retirement support representatives. Below is a copy of such a message. The reporter’s name and email have been removed to protect their privacy.

This message is not legitimate. If you have received this email, DO NOT CLICK THE LINK IN THE EMAIL. The link takes you to the website below. DO NOT FILL OUT THIS FORM.

If you have filled out this form, DO NOT JOIN THE APPOINTMENT.If you have joined the video conference or phone call and provided your financial information to the actors, immediately notify your bank. View our article on Identity Theft to help protect your identity: https://itsecurity.umbc.edu/critical/?id=102139

Forward this email with its headers immediately to security@umbc.edu. Instructions on how to find the email headers can be found below.

The HR Department advises that all valid retirement-related emails are sent from their approved retirement vendors

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

1. If I am a student, can I log in from my country of travel?
• Yes, as long as you have a valid UMBC account and the country in question allows internet traffic to and from the United States
2. Can I use a VPN to log in to my UMBC account?
• Yes, in fact we recommend that you use UMBC free VPN GlobalProtect. For instructions on how to install Global Protect, visit: https://wiki.umbc.edu/display/faq/Getting+Connected+with+the+New+UMBC+GlobalProtect+VPN

3. If I am a faculty or staff member, should I notify DoIT of my travel plans?

• Yes, this will help us recognize that you are traveling in the event that our reports flag your account for unusual activity.

4. What is “unusual activity”?

• There are several potential markers for unusual activity.  One of the more common is the “Superman Effect”.  The UMBC Division of Information Technology (DoIT) compares the time and apparent location of each successful authentication with that of the previous authentication.  If the speed required to travel between the locations in the intervening time exceeds a threshold, the account is flagged.

5. What happens if an account is flagged?

• Flagged accounts have their passwords changed to a random string of characters.  The account must be reset by clicking “Forgot your password?” and requesting a reset link be sent to the owner’s password recovery account.

6. If I am a student in a country from which II can access UMBC without a VPN, should I still use a GlobalProtect VPN?

• You do not have to log on to UMBC with the GlobalProtect VPN. However,we do recommend you use it to provide an extra layer of security for whatever information you enter.

7. If I am faculty and staff, should I use GlobalProtect VPN while outside the country?

• If you are handling any sensitive information, we suggest that you use GlobalProtect.  There are some systems which can only be accessed using the GlobalProtect VPN from off-campus, even within the United States.

8. Why should I use GlobalProtect if I already have another VPN like Nord or Express?

• In general, we do not block connections from external VPNs (though there may be specific ones that we block for security reasons).  You are free to use other VPNs should you so choose.  
• Remember, however, questions 4 and 5 above.  If you appear to be authenticating from two widely separated locations in a short time interval. you will have to reset your password.

9. Should I enable two-factor authentication?

• YES! UMBC uses Duo authentication to help secure your accounts. Duo authentication creates an extra authentication step, but provides a valuable extra layer of security.  You should use Duo especially if you are using or handling sensitive information. It is available to all staff and students (and required for some). It is also completely free. For more information about Duo, visit: https://wiki.umbc.edu/display/faq/Two-Factor+Authentication+with+DUO. 

Impersonation Phishing Alert: Department head impersonator

Recently,  DOIT has received notifications of several phishing emails. These messages impersonated the chairs of multiple departments. Below is an example of the email. For privacy purposes, we removed the To section.

After the investigation, we realized that <dept.chair23@gmail.com> was the email responsible for sending these emails. 

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

DO NOT RESPOND to this email. However, if you have done so already, please contact us immediately atsecurity@umbc.edu. 

The Division of Information Technology (DoIT) has received reports of another job scam similar to several seen over the past several months.  Below is the most recent example of this scam with the names and emails removed for privacy reasons.

As with previous versions of this scam, the signature at the end is that of a member of the UMBC faculty with contact information that can easily be copied from campus web pages.  Please note that the From: address is “georgerobertoe@gmail.com”.  No attempt has been made to spoof Prof. Sonnenschein’s address.  Further communication via the ‘functional whatsapp number’ requested will be even hard to trace than this email message.

If the recipient responds, the job offer immediately becomes a job and the first assignment will be to purchase gift cards, get the numbers off the back of the, and send them to the scammer.  In return, the victim will get a picture of a check to print out and deposit using a back phone app.  The check will be invalid, but it may take 3-5 days to find that out.  Whatever money the victim has spent will be gone.  There will be no way to get it back.

If you have received this or a similar scam (just like the ones that are linked above), please do not respond or click on any URLs.

What to do now?

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

The Division of Information Technology (DoIT) has received several reports of insurance scams via telephone and email. To help protect the UMBC community from identity theft, DoIT is sharing some information about identity theft.

According to the Maryland Department of Labor, identity theft is the illegal process of stealing an individual’s personally identifiable information(PPI) such as a social security number (SSN), name, address, credit card, or banking information. These pieces of information can be used to incur debt or purchase things in the victim’s name. They can also be used to make fraudulent insurance claims in the victim's name and to redirect payment to the thief. The victims are not usually aware of the theft until months or years after the crime was committed.

According to the Federal Trade Commission(FTC) and the Maryland Department of Labor, to protect yourself from identity theft follow these steps:

1. Keep your financial records, medical records, and SSN card in a safe place. If you need to get rid of these documents, shred them, use a dark marker to blackout information, or even burn them.

2. Collect your postal mail as soon as it arrives.  Do not leave it where the addresses can be seen (such as on a seat in your car).

3. Never give out your SSN or bank account information over the phone. 

4. If you are filling out a document that requires your SSN or bank account information, contact the organization directly. Ask the question such as:-

1. Why do you need it?

2. How will you protect it?

3. Can you use a different identifier?

4. Can you use just the last four digits of my SSN?

5. Carry a minimal amount of personal information and debit or credit cards with you.

If you have received any emails from ANYONE, your professors included, asking for your SSN or financial information immediately send the email along with the headers to security@umbc.edu. We will help you verify these messages. 

Instruction on how to forward email headers: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To protect yourself from telephone scam, please read this DOIT article: https://itsecurity.umbc.edu/critical/?id=101261

If you receive a call from ANYONE, UMBC included, asking for your personal information. 

1. Tell the individual that you will call them back. You do not need to rush.

2. Call the organization or person the caller is claiming to be. 

3. Talk to someone in the organization to verify the information that was provided earlier on the phone. It’s okay, you do not have to call the individual back. Always be suspicious of everyone when giving out your PII.

If you think that you are a victim of Identity theft contact the Maryland Office of the Attorney General, Division of Consumer Protection at 410-528-8662 or visit https://www.marylandattorneygeneral.gov/Pages/CPD/default.aspx

In addition to contacting the Division of Consumer protection the Maryland Department of Labor suggests that you do the following:

1. Request copies of your credit report from Experian, Equifax, and TransUnion, the larger credit reporting agencies, and dispute any inaccuracies.

2. Contact the creditors to close the unauthorized accounts, change passwords or restrict access to the accounts.

3. Place fraud alerts and a victim’s statement on each of your credit files maintained with the major credit reporting agencies.

4. Request that the credit reporting agencies remove any inquiries referencing the fraudulent accounts.

5. File a report with your local police department.

6. File a complaint with the Federal Trade Commission: 

7. File a complaint with the Commissioner of Financial Regulation.

8. You may place either a fraud alert or a security freeze on your consumer credit report by contacting each consumer credit reporting agency (Experian, Equifax, and TransUnion) and requesting the appropriate action.

For more information about identity theft (including information about your credit reports) visit:

https://www.consumer.ftc.gov/articles/what-know-about-identity-theft

https://www.dllr.state.md.us/finance/consumers/idtheft.shtml

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

The Division of Information Technology (DoIT) has seen reports of a scammer impersonating a UMBC professor. An example of this scam is included below.

The phishing message above is claiming that the scammer is busy and needs the user's help. In the past previous scams like this involved the scammer asking the user to purchase them gift cards, wire transfer money, or purchase them crypto currencies. 

Even though the message looks to be coming from a UMBC personnel, please note the From email is not actually from a UMBC domain but instead is coming from Gmail <officeonline1632@gmail.com>. 

What to do now?

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

The Division of Information Technology (DoIT) has seen a report of a phishing scam where the scammer is asking users to search for a YouTube clip and to share the message. Below is an example of this phishing email.

The phishing email has the subject “For UMBC Athletic staff: Dean hiding writer's identity of his thesis” and is from a <jwhite09@rediffmail.com>. In the past DoIT has seen similar versions of this scam, for more information on those please see this link here https://itsecurity.umbc.edu/critical/?id=98547. 

Please note some of the grammatical mistakes in the message above. These can be a red flag for phishing emails. Some other red flags are the message’s request to the readers to share the message with other UMBC athletic staff, and the fact that the email itself is not even from a UMBC domain but instead rediffmail.com. 

What to do now?

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

The Division of Information Technology (DoIT) has seen many different reports of Phishing and job scam emails sent to UMBC accounts. This article will list some helpful tips to spot phishing emails.

Here are some tips to help spot phishing scams when looking at the email body you should look for:

• Disjointed “From/Received/Reply” email address. Make sure the email address lines up with who the email is from. If you receive an email from a user claiming to be from UMBC, they probably should have emailed from their UMBC account and the X-Sender and Reply-to in the headers shouldn’t be from non-UMBC domains.

• Mis-branded and Disconnected/fake URL. Make sure the URL that the email provides is actually sending you where you think it should. Just hover your mouse over the URL and search engines like Google will show you where it will take you.

• Unexpected file attachments. Never open or download a file from any unsolicited email. This is how malicious software could end up on people's devices.

• MIME-Type mismatches.

• Unexpected requests for action and sense of urgency. A red flag for any phishing email is when the email is not only giving the user a sense of urgency but asking them to perform an action that feels out of place. For example buying gift cards for your boss who is stuck in a meeting.

Another way to check for phishing emails is to look within the email headers. To find out how to see an email header please see the link below on how to forward full email headers.

Within the email headers you can find simple things that show red flags such as again the Reply-To and X-Senders. 

• X-Sender is a good way to tell if an email might be being spoofed as if the from is a UMBC domain but the X-Sender is a random domain this is a red flag.

• Reply-To helps to show if an email is phishing or not as well. If the reply-to is different from the from address that is a red flag. At UMBC we see where scammers will compromise a UMBC account and put their own email address in the reply-to to trick users.

What to do now?

If you do any email that you suspect is a scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

Information above came from a webinar from https://www.knowbe4.com/.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

Many of the scams we see at the Division of Information Technology (DoIT) are coming from emails but scammers do not only use emails to try and scam users out of their personal and financial information. Scammers will also send fake text messages with the same goal.

Just like with phishing and scam emails there are many red flags that you can look out for to help spot and avoid spam and phishing text messages. Here are some red flags:

• Unusually long numbers. Most legit SMS marketing messages will come from a 6-digit code (like 116735) and not a normal 10 or 11 digit number. 

• The text comes from a sketchy email address. Not only should you look out for weird phone numbers but if the text is coming from a weird email that you have no relation to this a sign that it is a scam.

• A sense of urgency. Just like with phishing emails, texting scams will try to trick you into thinking it is an emergency with a sense of urgency. For example calming a family emergency like that your relative needs bail.

• The message seems irrelevant to you. If you receive a message that just does not make any sense like winning a contest or unrelated activities to a business this is a red flag that it could be a scam.

• The text has poor grammar and misspellings. Just like with any type of scam this is always one of the biggest red flags to look out.

• Contains a link. Never click on any links or download anything from any unsolicited texts or emails. This is how malicious softwares can end up on users' devices.

• Too good to be true. Scammers have been known to offer fake free gifts like prizes, coupons, credit cards or even offering to pay for things like your student debt.

Here are some examples of what a text messaging scam might look like:

• Claiming that they have noticed some suspicious activity on your account.

• Claims there’s a problem with your payment information.

• Sends a fake invoice and tells you to contact them if you didn’t authorize the purchase.

• Send you a fake package delivery notification. 

• Claims that someone is in crisis and needs your help like a close family member or friend.

• One DoIT had reported was an insurance scam. More information can be found here https://itsecurity.umbc.edu/critical/?id=101261 

For blocking a number,your phone might have an option to block the user or block any messages from unknown senders or spam. Messaging apps and phone providers might also have the same abilities to block users and spam.

For reporting a message the FTC has a few steps you can follow: 

• If you get an unwanted text message you can report it to the message app that you are using (for example WhatsApp). 

• You can also copy the message and forward to 7726 (SPAM). 

• Finally you can report it to the FTC at https://reportfraud.ftc.gov/. 

What to do now?

If provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

If you think you have been sent a scam please report it to security@umbc.edu and if any part of the scam was through emails please provide full email headers as well. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

For more information from usa.gov please visit:

https://www.consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages

https://www.zipwhip.com/blog/how-to-identify-a-text-scam/

https://simpletexting.com/how-to-identify-a-text-scam/

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.     

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19