In the scam above, the scammer is trying to impersonate a member of UMBC staff and offer users a part-time job. The email claims that users must contact the sender at the provided phone number to get the job. The job offered in this email though is fake and the message a scam, please do not reply to this or any similar email.

This message does show some red flags the suggest phishing: poor grammar and misplaced capitalization. Notice how words like “also” and “do” are capitalized after a comma. This is not the type of grammar or capitalization most would expect from a professional email.

What to do now?

If you do receive any of these scams shown above or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

In its ongoing effort to stem the spread of COVID-19 in the UMBC community, UMBC has partnered with Maryland Genomics (https://marylandgenomics.com/) to create and distribute a phone app that will help us keep track of on-campus testing and results this Spring.  If you have received an email message like the one below:

Please install the app as described in the message.  This app has been vetted (and field-tested) by the UMBC Division of Information Technology (DoIT) and is needed to manage the on-site testing effort for this Spring.

Please also understand that DoIT appreciates any suspicions you may harbor about unsolicited email. In no way do we want you to be any less suspicious in the future.  This posting is intended specifically to assure you that this particular message is legitimate and that you really do need to download this app.

The Division of Information Technology (DoIT) has been notified that a scammer is sending out phishing emails claiming to offer a part-time job as an Administrative Assistant the UMBC’s Academic Success Center.  The offer is a fake. 

Here is an example of the scam:

In the example above the email is sent from <owens0101@gmail.com> . This is not a UMBC address.  UMBC addresses end in “@umbc.edu”. The phishing email itself is claiming to offer students a job as an administrative assistant. The scammer asks the victim to use text messaging which leaves no record of the communications in UMBC systems.
If you receive this email or anything similar, do not respond.

The Money

Scams like this operate by having the victim make purchases with their own funds while promising to reimburse them later. The reimbursement will generally be in the form of a check or a money order. When you attempt to deposit the check or money order into your bank account, your bank will notify you that it is not valid. It will bounce. You will have lost whatever money you have spent to that point. In many cases, this loss has exceeded $1000.00

The names and job titles appearing in this correspondence do belong to actual UMBC staff, but this information is readily available from the UMBC web site and can be used to make the scam seem more realistic.

Recently, a fake payment was made through an image of a check sent in email. The victim was instructed to print it, cut the image out in the shape of a check, sign it, and deposit it using a mobile banking app. (See below.)

What to do now?

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

Below is an example of a job scam phishing email that was recently reported to the Division of Information Technology (DoIT). The scam email below has the subject “UMBC COVID-19 UPDATE” and is claiming to offer fake jobs from Corestaff Services to UMBC students. 

The goal of this phishing email is to try and get students to reply showing interest in the fake job. DoIT has seen similar scams in which the student’s reply is followed by another email asking for more personal information such as the student’s mailing address, full name, phone number, and date of birth. 

If the student responds again with their personal information, the scammers have been known to start texting the student as well as sending a fraudulent check to the provided postal address. If you received a check from this or a similar scam please do not try to deposit the fraudulent check. 

What to do now?

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in as well.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

Expect to see and/or hear about fake vaccine scams in the coming weeks.  The scams will differ in intent.  Some will encourage you to use your credit card or bank account to send the scammers money in order to assure vaccination quickly.  Others may simply ask you to fill out an online form with lots of personal information.  Some may even offer you a work-from-home job calling people about vaccination.  Whatever the scam is, the COVID-19 vaccine will be the bait.

From the FBI

Special Agent in Charge Timothy Thibault recently told ABC News:

"What we would say to the public is to be leery of and be on guard for scams related to telemarketing, malicious websites or emails where people are taking advantage of the initial supply-and-demand problem"

From the Department of Health and Human Services (DHHS)

The DHHS Office of Inspector General issued an alert earlier this month warning:

• Be vigilant and protect yourself from potential fraud concerning COVID-19 vaccines. You will not be asked for money to enhance your ranking for vaccine eligibility. Government and State officials will not call you to obtain personal information in order to receive the vaccine, and you will not be solicited door to door to receive the vaccine.

• Beneficiaries should be cautious of unsolicited requests for their personal, medical, and financial information. Medicare will not call beneficiaries to offer COVID-19 related products, services, or benefit review.

• Do not respond to, or open hyperlinks in, text messages about COVID-19 from unknown individuals.

• Be aware of scammers pretending to be COVID-19 contact tracers. Legitimate contact tracers will never ask for your Medicare number, financial information, or attempt to set up a COVID-19 test for you and collect payment information for the test.

• If you suspect COVID-19 health care fraud,report it immediately online or call 800-HHS-TIPS (800-447-8477).

Spotting Scams

There are two important components to any scam.  First, the scammer must offer to provide you with something you very much want, or to prevent something you very much don’t want.  Second, the scammer will create a sense of urgency to discourage you from doing any background check or even from thinking too hard about the offer.

If you receive email, phone calls, text messages, or anything else that appeals to your hopes and fears and tries to create a sense of urgency, be suspicious.  The more urgent it seems, the more you need to check out the source.

For more information about spotting potential COVID-19 scams, please visit:

• https://scamspotter.org

• https://www.washingtonpost.com/business/2020/12/14/covid-19-vaccine-scams

• https://my3.my.umbc.edu/groups/itsecurity/posts/98136

If you do receive any email that you suspect is a scam, please do not even click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. If you are a member of the UMBC community, please forward the message (with the email headers - see here for instructions)) to security@umbc.edu. 

References and Links to More Information

• https://abcnews.go.com/US/fbi-warns-covid-19-vaccine-scams/story?id=74631650

• https://oig.hhs.gov/coronavirus/fraud-alert-covid19.asp

• https://www.washingtonpost.com/business/2020/12/14/covid-19-vaccine-scams/

• https://www.aarp.org/money/scams-fraud/info-2020/coronavirus-vaccine-scams.html

• https://www.fda.gov/consumers/consumer-updates/beware-fraudulent-coronavirus-tests-vaccines-and-treatments

How It Works

Not all job scams are identical, but those we have seen follow the general pattern described here.

You may see scams arrive as text messages, email, or in almost any other form possible.  The messages are all similar.  You are told that the sender has some association with your school and that you have been selected to apply for a work-from-home position.  You are asked to contact the sender and/or go to a website to provide personal information, including name, address, phone number, email address, and possibly Social Security Number.  Some scammers go to considerable effort to appear legitimate.  They may have set up a website.  They may even use the names of real people from real companies. One very through scam earlier this year took names and photos from the website of a real company and used it to set up their own website.

Once you have accepted the position, you will be provided with either a check or a picture of a check to print out and be directed to deposit it into your checking account.  At the same time, for whatever reason, you will be told to transfer some of your own money (check, wire transfer, etc.) to someone else.  For instance, if the check you get is for $1000.00, you may be told to deposit it and immediately send $700.00 to someone else, keeping the remaining $300.00 as your payment for the work.  The check for $1000.00 turns out to be a fake and is rejected by your bank.  You have just lost$700.00.  The scammer you have been working for will stop responding.  Any contact information you have will no longer be valid.  

Some Examples

E-mail message

What to do

If you do receive anything like the offers above, even if you are not sure, , please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers - see link below) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers if you receive a text message from the scammer.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

With Covid-19 being something we all face in our daily lives, malicious actors are not giving up on scamming people out of not only their personal and financial information, but are also trying to get their victims’ money or even just installing a malicious software onto their victim’s devices.

The article linked below from Forbes is a good reminder that there are still many types of Covid-19 themed threats from phishing scams to fake websites.

Phishing Scams

Phishing emails are one of the biggest scams out there. As time goes on the scammers get more and more creative with their phishing techniques. With many people worried about Covid-19 and working from home, scammers are posing as loan specialists, health officials, and national authorities. For example, some scammers send emails that appear to be from the World Health Organization (WHO) or the Center for Disease Control and Prevention (CDC).

Here are some tip to look for to try and spot a phishing email:

• Unfamiliar email address

• Generic greetings

• Spelling and grammatical errors

• Sense of urgency or demand for immediate action

• Request for banking or personal information
  
  

At UMBC we see phishing emails with scammers saying that they are from places like Cisco or Corestaff trying to give work from home opportunities to students. We have also seen attempts in which a compromised umbc account will be used to send out phishing emails. For more information on these scams or other tips please check out the DoIT security articles which are linked below.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

Bogus Websites

Another common scamming technique is the use of fake websites. Scammers will provide a link to these websites in their phishing emails to make the scam more believable. The scammer tries to make the website look as legitimate as possible. They may do this by using similar domain names such as <www.umbc.net>; instead of <www.umbc.edu>;.

There are ways to try and make sure the website you are visiting is legitimate. Before you click, check the link! If you move your cursor over the link without clicking, the real link address should appear at the bottom of your browser. 

Here are some other tips to help verify that a website is legitimate:

•  Check to see if the website has a secure connection, this can be seen at the top left of the search bar where there is a little lock icon.

• Look for https in the URL instead of http, (the s stands for secure).

• Verify the website's privacy policy if possible.

• Check for contact information on the website, if there is no privacy or contact information that is a big red flag.

• Watch out for signs of malware, meaning suspicious pop-ups and fake-looking ads.

Fake Advertisements

Similar to the creation of fake websites, scammers are creating fake ads. Scammers use fake ads to trick people into providing information for things like Covid-19 loans and stimulus checks. 

Just as with phishing emails, these ads will have a sense of urgency to them. Using terms like “Act now before funds run out.” The important thing to remember here is to not click on ads on unfamiliar websites and pages. Please do not give out personal or financial information online if the person or site that you are giving it to is not secure and trusted.

Phony Phone Calls and Texts

Phishing campaigns are not limited to emails, but can appear in phone calls, text messages, and direct messages (DMs) on social media sites like Facebook and Twitter. If you receive a strange message or voicemail from an unknown sender or caller, do not respond or click on any links.

For text messages and DMs, use the same precautions as with phishing emails. Do not click on links from unsolicited messages, watch out for spelling and grammatical errors, and do not provide any personal or financial information.

For more information on tips to help protect against phishing scams done over text or DMs (also known as “smishing”) please check out this article: https://itsecurity.umbc.edu/critical/?id=94345.

When it comes to phone calls, use caution. Do not give away any personal or financial information over the phone, especially your Social Security number or bank account information. If you feel the call is suspicious, hang up. If the scammers are claiming to be from a company or a bank and you feel the call is suspicious, do not interact try to find the actual customer service number from the company’s website, to confirm if the call was legitimate or not.

For more information, please check out: 

https://www.forbes.com/sites/mikekappel/2020/08/05/cybersecurity-threats-during-covid-19/#68b36c80113c

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

With Covid-19 still very present in our day to day lives, many states have started to roll out contact tracing programs to help control the spread of disease. This is done by informing people who have come in contact with someone who has tested positive and warning them to watch for symptoms. But with anything new that starts, malicious actors are quick to jump on the bandwagon and exploit the chance to try and scam people out of personal and financial information.

These scams work by sending an unsolicited message to you via text, email, or a social media app. These messages will explain that you’ve come in contact with someone who has tested positive for Covid-19.  The message will instruct you to self-isolate and provide a link for more information. The link can contain malware that could cause harm to your device.

Another version of this scam involves a robocall claiming to be part of “contact and tracing efforts.” The call will inform you that you have come in contact with someone who tested positive for Covid-19. After you elect to speak to a representative, the “contact tracer” asks to verify your personal information. This starts with your full name, date of birth, but can quickly move to personal identifiable information and/or financial information.

Here are some tips to help tell if you are talking to a real contact tracer:

• Contact tracers will ask you to confirm your identity, but not financial information. They will ask for you to confirm your name, address and date of birth. They may also ask about your current health, medical history, and recent travels. They will not ask for any government ID numbers or bank account details. 

• Contact tracers will identify themselves. They should start the call with their name and stating that they are calling from the department of health or another official recognized organization.

• Contact tracing is normally done by phone call. Not through social media or texting.

• A real contact tracer will never reveal the identity of the person who tested positive. 

• If you receive a link and are not sure if it is real, double check it. If the contact tracer is claiming to be from the government the URL should end in .gov (for the United States) or .ca (for Canada). 

If you live in Maryland, please visit https://coronavirus.maryland.gov/pages/contact-tracing for more information on Maryland’s contact tracing efforts. According to the link above, the caller ID for a Maryland contact tracer should be marked as “MD COVID”. If you do not have caller ID, the phone number you are looking for is (240) 466-4488.

If you do receive a message that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address or phone number is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.bbb.org/article/news-releases/22560-scam-alert-covid-contact-tracing-work-inspires-copycat-scams

To read more articles published by DoIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

A compromised UMBC account was used to send phishing emails to over 1200 other UMBC accounts today. These malicious emails, claiming to be from the “UMBC IT Desk,” contained a link to a fake myUMBC login page, potentially allowing the malicious actors to steal any passwords entered on the site. To prevent further malicious activity, DoIT Security has scrambled the password of the account used to send the emails.

From: <name removed>

Date: Mon, Aug 24, 2020 at 10:40 AM

Subject: COVID-19 Update

To:

This is the UMBC IT Desk. Kindly Update your details to avoid beinglocked out of your email account.

Follow the URLbelow to proceed to setup umbc.edu/cas-web/login/Update

IT DeskUMBC

The link leads to this fake login page:

Always check the URL before entering credentials online. Notice that this site is not in the umbc.edu domain, despite claiming to be myUMBC. In addition, you can compare it to the real login page by navigating to myUMBC without using a link to see that it does not match.

As of this writing, approximately 150 people have clicked this link. If you have entered your UMBC password after clicking the link in this phishing email, please change it to something substantively different as soon as possible. Instructions for doing so can be found here:https://wiki.umbc.edu/pages/viewpage.action?pageId=1867939.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

Below is another example of a phishing email campaign in which the malicious actor is claiming to be from Corestaff Services. The email below is the initial message sent out to victims to try and get to to respond with an alternate (non-UMBC) email address.

Once the victim responds with their alternate email address, the scammer will then email that address claiming that the victim got the job and asking for more information. An example of what type of information and how it is formatted in the email is shown below.

If the victim responds with their personal information, the scammer could start messaging the victim over text message and may send a fraudulent check to the victim’s postal address. If this happens to you, please do not try to deposit the check. A very similar scam is described here: https://itsecurity.umbc.edu/critical/?id=94549.

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu.  We will also keep track of any other information you submit about the scammers, such as their phone numbers if you receive a text message from the scammer.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19