For several years, UMBC's Division of Information Technology has received reports of gift card scams. Recently, some of these scams have been sent as text messages to personal phones, falsely representing themselves as directions from senior administration officials. Regardless of how the message is sent or received, who appears to be sending it, or what personal information it may contain, it's a scam. Nobody is going to ask you to buy several hundred dollars' worth of gift cards and send the PINs.

The scam is simple, and while details may vary, the basic outline remains the same.

Short version:
Someone tells you to buy one or more gift cards and then to send them the numbers off the back.

Detailed version:
The victim receives a message, possibly through email, SMS text message, or even a phone call, telling them that someone in authority (a supervisor, the Internal Revenue Service, etc.) needs them to purchase some quantity of gift cards. The message will specify a type of gift card, such as Google Play or iTunes, but it could be any card that can be used like money. The message will often be worded to make the immediate purchase seem urgent and may state that the person needing the card cannot be reached directly (e.g., "in a meeting" or "out of the country").

The victim is instructed to get the PIN off the back of the card and send it or a picture of it via phone, email, or some other method of electronic communication.

Once this is done, the scam is over. The scammer can sell the PIN numbers at a discount. Since the scammer has spent nothing, everything is pure profit.

If you receive a scam message involving UMBC phone numbers, UMBC-owned phones, or mentioning members of the UMBC community, please notify DoIT through email at security@umbc.edu.

You can find more information about these scams at:

• https://consumer.ftc.gov/articles/avoiding-and-reporting-gift-card-scams
• https://consumer.ftc.gov/consumer-alerts/2023/07/if-you-paid-scammer-gift-card-your-money-gone-maybe-not
• https://support.apple.com/gift-card-scams

This morning, the Division of Information Technology(DoIT) received a report of fraudulent emails sent to the University System of Maryland office.. The fraudster is forging the name of UMBC President Sheares Ashby, probably in an attempt to get the recipient to purchase gift cards on the fraudster’s behalf.  Below is an example of the email. For privacy, we removed the To field.

A slightly different version appeared in some UMBC inboxes, this one pretending to be from Vice Provost and Dean Rutedge.

THIS REQUEST IS NOT REAL! 

• This is a common scam to get the recipient to purchase gift cards or something else of value that can be sent through email.

• Whatever you spend, you will not get back.

If you have responded to the message and performed any errands such as purchasing gift cards, please do not send the codes to executivedir808@gmail.com.  

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

If you need further assistance, please contact us at security@umbc.edu.

__________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently, the Division of Information Technology (DoIT) received a report of a phishing email that appeared to be crafted to attack users in the Computer Science department. The phishers are trying to capture, at least, your UMBC password.. The  Below is an example of the email. For privacy purposes, we removed the To field.

THIS WARNING IS NOT REAL! 

• DoIT will not ask you to “confirm your ownership” of your email account.  If we ask you to change your password, we will direct you to my.umbc.edu or to webauth.umbc.edu, not to a non-UMBC site.

• Saying that “This message is from a trusted sen der” should make you suspicious from the start.  If someone walked up to you in the street and, instead of introducing themselves by name, simply told you that they were trusted, would you be comfortable?

• Whoever wrote this seems to think that “sender” is two words.

PLEASE DO NOT CLICK THE LINK!

If you have already clicked the link and entered your password:

• If you entered your UMBC password on the form, please change your password immediately.

• If you entered your UMBC password and you used that same password for any other account(s) (e.g. Social Media, Online Banking, etc.), change the passwords on the account(s) immediately.

• If you entered banking, credit card, or other information, please contact your bank or other financial institution immediately and report what happened.

• If you entered personal information such as your address, phone number, etc., monitor your finances and be very careful about responding to suspicious phone calls, mail, text messages, etc.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

If you need further assistance, please contact us at security@umbc.edu.

__________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.