On June 19, 2020 an online antique Marketplace, LiveAuctioneers, suffered a data breach. Approximately 3.4 million records were leaked. The records include names, email and IP addresses, physical addresses, phone numbers and passwords stored as unsalted MD5 hashes.The information was sold online and redistributed to a hacking forum.
29 UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a LiveAuctioneers account, please contact them to see if you have been affected by this breach. To see if you were involved in any other breach visit: https://haveibeenpwned.com/.
More about LiveAuctioneers data breach:
If you have any questions or concerns email us: security@umbc.edu
Information about this breach was provided to us by Have I Been Pwned(HIBP).
_____________________________________________________________________________________
Receive any suspicious emails?
Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
Need to set up a recovery email for your UMBC account?
Follow the instructions here: https://my3.my.umbc.edu/groups/itsecurity/posts/94776
With Covid-19 being something we all face in our daily lives, malicious actors are not giving up on scamming people out of not only their personal and financial information, but are also trying to get their victims’ money or even just installing a malicious software onto their victim’s devices.
The article linked below from Forbes is a good reminder that there are still many types of Covid-19 themed threats from phishing scams to fake websites.
Phishing Scams
Phishing emails are one of the biggest scams out there. As time goes on the scammers get more and more creative with their phishing techniques. With many people worried about Covid-19 and working from home, scammers are posing as loan specialists, health officials, and national authorities. For example, some scammers send emails that appear to be from the World Health Organization (WHO) or the Center for Disease Control and Prevention (CDC).
Here are some tip to look for to try and spot a phishing email:
Unfamiliar email address
Generic greetings
Spelling and grammatical errors
Sense of urgency or demand for immediate action
Request for banking or personal information
At UMBC we see phishing emails with scammers saying that they are from places like Cisco or Corestaff trying to give work from home opportunities to students. We have also seen attempts in which a compromised umbc account will be used to send out phishing emails. For more information on these scams or other tips please check out the DoIT security articles which are linked below.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
Bogus Websites
Another common scamming technique is the use of fake websites. Scammers will provide a link to these websites in their phishing emails to make the scam more believable. The scammer tries to make the website look as legitimate as possible. They may do this by using similar domain names such as <www.umbc.net>; instead of <www.umbc.edu>;.
There are ways to try and make sure the website you are visiting is legitimate. Before you click, check the link! If you move your cursor over the link without clicking, the real link address should appear at the bottom of your browser.
Here are some other tips to help verify that a website is legitimate:
Check to see if the website has a secure connection, this can be seen at the top left of the search bar where there is a little lock icon.
Look for https in the URL instead of http, (the s stands for secure).
Verify the website's privacy policy if possible.
Check for contact information on the website, if there is no privacy or contact information that is a big red flag.
Watch out for signs of malware, meaning suspicious pop-ups and fake-looking ads.
Fake Advertisements
Similar to the creation of fake websites, scammers are creating fake ads. Scammers use fake ads to trick people into providing information for things like Covid-19 loans and stimulus checks.
Just as with phishing emails, these ads will have a sense of urgency to them. Using terms like “Act now before funds run out.” The important thing to remember here is to not click on ads on unfamiliar websites and pages. Please do not give out personal or financial information online if the person or site that you are giving it to is not secure and trusted.
Phony Phone Calls and Texts
Phishing campaigns are not limited to emails, but can appear in phone calls, text messages, and direct messages (DMs) on social media sites like Facebook and Twitter. If you receive a strange message or voicemail from an unknown sender or caller, do not respond or click on any links.
For text messages and DMs, use the same precautions as with phishing emails. Do not click on links from unsolicited messages, watch out for spelling and grammatical errors, and do not provide any personal or financial information.
For more information on tips to help protect against phishing scams done over text or DMs (also known as “smishing”) please check out this article: https://itsecurity.umbc.edu/critical/?id=94345.
When it comes to phone calls, use caution. Do not give away any personal or financial information over the phone, especially your Social Security number or bank account information. If you feel the call is suspicious, hang up. If the scammers are claiming to be from a company or a bank and you feel the call is suspicious, do not interact try to find the actual customer service number from the company’s website, to confirm if the call was legitimate or not.
For more information, please check out:
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>With Covid-19 still very present in our day to day lives, many states have started to roll out contact tracing programs to help control the spread of disease. This is done by informing people who have come in contact with someone who has tested positive and warning them to watch for symptoms. But with anything new that starts, malicious actors are quick to jump on the bandwagon and exploit the chance to try and scam people out of personal and financial information.
These scams work by sending an unsolicited message to you via text, email, or a social media app. These messages will explain that you’ve come in contact with someone who has tested positive for Covid-19. The message will instruct you to self-isolate and provide a link for more information. The link can contain malware that could cause harm to your device.
Another version of this scam involves a robocall claiming to be part of “contact and tracing efforts.” The call will inform you that you have come in contact with someone who tested positive for Covid-19. After you elect to speak to a representative, the “contact tracer” asks to verify your personal information. This starts with your full name, date of birth, but can quickly move to personal identifiable information and/or financial information.
Here are some tips to help tell if you are talking to a real contact tracer:
Contact tracers will ask you to confirm your identity, but not financial information. They will ask for you to confirm your name, address and date of birth. They may also ask about your current health, medical history, and recent travels. They will not ask for any government ID numbers or bank account details.
Contact tracers will identify themselves. They should start the call with their name and stating that they are calling from the department of health or another official recognized organization.
Contact tracing is normally done by phone call. Not through social media or texting.
A real contact tracer will never reveal the identity of the person who tested positive.
If you receive a link and are not sure if it is real, double check it. If the contact tracer is claiming to be from the government the URL should end in .gov (for the United States) or .ca (for Canada).
If you live in Maryland, please visit https://coronavirus.maryland.gov/pages/contact-tracing for more information on Maryland’s contact tracing efforts. According to the link above, the caller ID for a Maryland contact tracer should be marked as “MD COVID”. If you do not have caller ID, the phone number you are looking for is (240) 466-4488.
If you do receive a message that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address or phone number is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
For more information, please check out:
To read more articles published by DoIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>The job scam below was recently reported to DoIT. The subject of the email is just “Internship” and has a very short message as can be seen below. The name and email of the from and to fields were removed for privacy reasons.
From: COMPROMISED EMAIL <@umbc.edu> Date: Sun, 6 Sep 2020 Subject: Internship To: <@umbc.edu> Regards, HR Manager. |
Please note that the phishing message above is supposedly coming froman umbc email but the reply-to in the emails header is set to <charlenabolinlyco21@gmail.com>. This would mean if the user tried to respond to the email above they would not be responding to the umbc email address, but instead they would be directly emailing the scammers at <charlenabolinlyco21@gmail.com>.
If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>In the last several days, the UMBC
community has received thousands of fake job offers from "Ryan
Glenn". An example is shown below:
|
You are eligible to apply for an
opening as an Online Personal
|
Summary: The message above is coming from
someone you don’t know and who doesn’t offer a last name. The message asks for detailed information that
can be used for identity theft. It is
from a Gmail account which anyone can create under any name not already in use.
If you respond to this message, you will get something like the one below:
|
From: Ryan Glenn <ryan.glenn.pay@gmail.com> Date: Sat, Aug 29, 2020 at 5:13 PM Hello, further to the interview session I had with you, I am pleased to confirm your appointment as my Personal Assistant. Please find attached detailed offer letter which you will be required to sign, scan and email back to me, you can as well e-sign and send a copy as a confirmation of your acceptance.
Sincerely, Ryan Glenn Vice President FP&A and IR Paylocity
|
There is a Ryan Glenn and he is, in fact, a Vice President with a corporation called Paylocity. However, he does not want to hire you. This is a scam. Please do not reply.
If you do receive email similar to these examples, or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) tosecurity@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT Security, visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>DoIT has been notified of another malicious actor sending out phishing emails claiming to offer job opportunities with Cisco Systems. The email below is similar to the previous phishing attempts, but with a new subject line: “UMBC STUDENT EMPOWERMENT PART TIME JOB OPPORTUNITY.”
From: John Williams <jw821859@gmail.com> Subject: UMBC STUDENT EMPOWERMENT PART TIME JOB OPPORTUNITY Date: August 24, 2020 To: <@umbc.edu> Dear student, We got your contact through your school database and I'm happy to inform you that our reputable company CISCOsystems® is currently running a student empowerment program. This program is completely school oriented as it has been designed not to deter you from all school activities which is priority for you and this organization. This program is to help loyal and hardworking students like you secure a part time job with an attractive weekly salary. TO PROCEED WITH THIS JOB OFFER, KINDLY REPLY TO THIS MAIL WITH YOUR ALTERNATE E-MAIL ADDRESS IN ORDER TO RECEIVE THE FULL JOB DESCRIPTION. Best Regards, John Williams, HR Recruit Manager/Consultant CISCOsystems Inc®. |
If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>Recently the DoIT has been notified of a job scam using a compromised UMBC email account to send out fake job offers. An example of the email (with the name of the sender removed for privacy) is shown below.
From: COMPROMISED ACCOUNT <@umbc.edu> Date: Thu, Aug 27, 2020 Subject: Offer To: You are eligible to apply for an opening as an Online Personal Assistant to Ryan Glenn, Investor Relations Paylocity. You will be working remotely and getting paid weekly. You will be required to work for a maximum of an hour daily or six hours weekly. Fill the required information if interested in this opportunity. Name: Physical Address: State: City: Zip Code: Phone #: Email: Alternate Email: A little about you and why you think you should be considered: Send replies to charlenabolinlyco21@gmail.com to apply. Warm Regards Charlena B Publicity Manager |
Please note that this phishing message is coming from a umbc email but the reply-to in the emails headers is set to <charlenabolinlyco21@gmail.com>. This means if the user responds to the email above they would not be responding to the umbc email, instead their email would be sent to the <charlenabolinlyco21@gmail.com>.
If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>With classes starting back up, malicious actors will try even harder to steal people's information or commit Identity theft. The article that is linked below has some tips for college students to help avoid Identity theft by monitoring your inbox and detecting fraud.
Here are some of the tips that are recommended for college students:
Send sensitive mail to your permanent home or post office box. Sending your more sensitive mail to a PO box or permanent home is considered much more secure.
Important documents should be stored away safely. Make sure documents like your Social Security card, passport, and bank and credit card statements are stored securely. As well to often shred credit card offers and any other paper document that has sensitive financial information.
Never lend your card or debit card to anyone. If you feel uncomfortable about lending your card just say no. This includes lending your card to a friend, or co-signing for a loan or financing for items like a TV. Also at an ATM making sure that no one is ‘shoulder surfing’ your PIN.
Guard your passwords. Do not give out your passwords to anyone, use strong passwords and do not use the same password for multiple accounts.
Watch out for phishing emails. Be careful not to click on links in unsolicited emails and texts. For more information on phishing email campaigns that could affect UMBC please check out the DoIT Security page main page for more updated information.
Make sure that your computer is up-to-date with antivirus and spyware softwares. Always install any updates and patches to your computer's operating system or browser software. These will help to keep your computer safe from malicious softwares.
Be careful while shopping online. For more information on tips to safely online please check out this article from the Better Business Bureau, https://www.bbb.org/article/news-releases/22474-bbb-warning-be-careful-purchasing-from-unknown-websites-during-covid-19
Check your credit report at least once a year. According to the article you are entitled to one free report a year from each of the tree reporting bureaus: TransUnion, Experian, and Equifax. Look for any suspicious activity or inaccuracies. For more information on this please check the BBB article linked below, this article by the Federal Trade Commision (FTC), https://www.consumer.ftc.gov/articles/0155-free-credit-reports.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
For more information, please check out:
https://www.bbb.org/article/news-releases/10496-bbb-9-tips-to-avoid-id-theft-on-campus
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>Initial Scam Message
From: COMPROMISED ACCOUNT <@umbc.edu> Date: Fri, Aug 28, 2020 at 7:47 AM Subject: WorkStudy Update! To: Good morning! My name is <COMPROMISED ACCOUNT>and i currently work with the UMBC educational planning center and i would like to inform you that there is a job opening opportunity available to you, This opportunity is only part time and is not expected to clash with your current school/study schedule.Kindly send in an instant reply if you are in search of a job so you can receive further information.. |
Follow-up Scam Message
From: career management jobs <careerjobsdepartment@outlook.com> Date: Fri, Aug 28, 2020 at 8:48 AM Subject: Re: WorkStudy Update! To: <@umbc.edu> Hello <NAME> Thank you for your interest in the available job position, kindly click on the URL below to view the application portal https://tinyurl .com/JOB-UPDATE |
The first email is similar to a recent trend in phishing campaigns that we have recently seen, except this one uses the compromised account holder’s name in the email message and has changed the subject to “WorkStudy Update!” These campaigns, even if sent from different users with different subjects do seem to have a pattern of using “WorkStudy” in the subject as well as having a similar email format for both messages.
If the user does respond to the first message showing interest, they will receive the second message from a different email address. This is because in the email headers of the first email from the UMBC account, the reply-to is set to the <careerjobsdepartment@outlook.com> so instead of the user emailing the <@umbc.edu> email they are emailing the scammer directly.
The second email contains a link to a malicious site. If you do receive this email please do not click on the URL. In previous similar scams, the scammer is seeking personal information such as name, phone number, email address, home address, age and current occupation. It also invites the user to ‘tell a bit about themselves’ in a free-form text box.
If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
]]>DoIT was notified today of a scammer sending out emails claiming to be offering a job opportunity. The message came from a compromised Umbc email account, so the From name was removed for privacy in the example below.
From: COMPROMISED ACCOUNT <@umbc.edu> Date: Wed, Aug 26, 2020 Subject: WorkStudy Offer! To: Good morning! I hope you are well. I would like to share with you this job opportunity,you could earn between $100- $240 weekly. This opportunity is only part time and is not expected to clash with your current school/study schedule.Kindly send in an instant reply if you are in search of a job so you can receive further information |
If the victim responds showing interest they will receive a message from a different email address <careerjobsdepartment@outlook.com> and this email will contain a malicious URL. The scammer is seeking personal information such as name, phone number, email address, home address, age and current occupation. It also invites the victim to ‘tell a bit about themselves’ in a free-form text box.
This first email shows a few red flags. For instance, some parts of the message have no spacing, an example of this is “schedule.Kindly”. The email also expresses a sense of urgency with the email asking for the victim to send an “an instant reply.”
<careerjobsdepartment@outlook.com> responded: Thank you for your interest in the available job position, kindly click on the URL below to view the application portal https://tinyurl .com/JOB-UPDATE |
If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19