During the past week, DOIT has received notifications of several phishing emails. Below is a sample of a Phishing message that over 600 UMBC students have received. For privacy purposes the To field was removed.

From: Summer Woodforest <summerwoodforest@gmail.com> 

Date: Tue, Jul 21, 2020 at 8:30 AM

Subject: CORNERSTONE JOB OFFER.

Dear student,

   We got your contact through your school database and I'm happy to inform you that our reputable company Cornerstone® is currently running a student empowerment program. This program is completely school oriented as it has been designed not to deter you from all school activities which is priority for you and this organisation. This program is to help loyal and hardworking students like you secure a part time job with an attractive weekly salary.

TO PROCEED WITH THIS JOB OFFER, KINDLY REPLY TO THIS MAIL WITH YOUR ALTERNATE E-MAIL ADDRESS IN ORDER TO RECEIVE THE FULL JOB DESCRIPTION.

Best Regards,

Summer Wood,

HR Recruit Manager/Consultant

Cornerstone®,

Staffing-Solutions

Similar phishing emails were received from the following addresses listed below: 

• Gavan Ryan <ryangavan724@gmail.com>

• Clerk Trevor <clerktrevor@gmail.com> 

If you have received any message similar to the one listed above, please forward the message to security@umbc.edu.  Please attach the email headers, information on how to find the email headers can be found here: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

DO NOT RESPOND to this email, if you have done so already please contact us immediately at security@umbc.edu. 

For more information on scams and phishing handling, please visit https://wiki.umbc.edu/pages/viewpage.action?pageId=36766495

To read more articles published by DOIT visit: https://itsecurity.umbc.edu/critical/?tag=notice

Fake Covid-19 Fund Scam

The FTC posted an article warning of a phishing scam that they recently discovered. In this scam, the malicious actor is sending email claiming to be from the FTC and saying that users could get money from a Covid-19 “Global Empowerment Fund.” All that is required of the user is to respond with their bank account information.

This email is a scam.  It is not from the FTC, there is no money and there is no fund. The FTC says that they will never contact you by phone, email, text message, or by social media to ask for financial information, this includes your social security number. They also state that any stimulus checks will be from the IRS , not the FTC.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.consumer.ftc.gov/blog/2020/06/fake-emails-about-fake-money-fake-covid-19-fund

With COVID-19 and associated restrictions remaining prevalent, many malicious actors have used the opportunity to update their phishing email campaigns. The article linked below explains some of the ways malicious actors try and trick people into giving up their information or even into installing malware.

The article states that many of the emails will use subject lines like coronavirus, work reopening, rescheduled meetings, stimulus payments, and new vacation policies. Malicious actors also craft themed emails to look like popular social media sites like Facebook and LinkedIn.

For LinkedIn they noticed subject lines "You appeared in new searches this week," "People are looking at your LinkedIn profile," "Please add me to your LinkedIn Network," and "LinkedIn Password Reset."

 Facebook sees phishing emails using subject lines like "Your Friend Tagged a Photo of You" and "Your friend tagged you in photos on Facebook." Phishing campaigns from Twitter were said to try and entice people with subject lines similar to "Someone has sent you a Direct Message on Twitter."

Other subjects included "A login alert for Chrome on Motorola Moto X," "New voice message at 1:23AM," and "55th Anniversary and Free Pizza". The article also describes some general subjects to look out for:

• Password Check Required Immediately

• Vacation Policy Update

• Branch/Corporate Reopening Schedule

• COVID-19 Awareness

• Coronavirus Stimulus Checks

• List of Rescheduled Meetings Due to COVID-19

• Confidential Information on COVID-19

• COVID-19 - Now airborne, Increased community transmission

• Fedex Tracking

• Your meeting attendees are waiting
  
  

According to the article, the most common subject lines within phishing emails found “in-the-wild” in the last quarter were:

• Microsoft: Abnormal log in activity on Microsoft account

• Chase: Stimulus Funds

• HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines

• Zoom: Restriction Notice Alert

• Jira: [JIRA] A task was assigned to you

• HR: Vacation Policy Update

• Ring: Karen has shared a Ring Video with you

• Workplace: [company_name] invited you to use Workplace

• IT: ATTENTION: Security Violation

• Earn money working from home
  
  

At UMBC some of the most common subject lines for phishing emails seen recently have been “UMBC JOB OPPORTUNITY”, “CORNERSTONE STUDENT JOB OFFER”, “CORNERSTONE JOB OFFER”, “UMBC COVID-19 INFORMATION”, “UMBC COVID-19 PART TIME JOB OFFER” and “WORK FROM HOME.”

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.techrepublic.com/article/watch-out-for-these-subject-lines-in-email-phishing-attacks/

The email below is an example of a recent job scam phishing email that has been going around campus. This email, like many other job scam emails, tries to trick users into giving up their personal information like the users address, phone number, and personal email address.

If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

Smishing scams are a type of phishing scam which occurs when a malicious actor sends text messages or direct messages. They follow a similar pattern of acting as if they were from a trusted source like banks, government agencies, or even friends and family, trying to trick users into clicking a malicious link or possibly giving personal and financial information.

In recent years smishing attacks have started to become more numerous and sophisticated. Just like with phishing attacks, smishing also spikes during a crisis like COVID-19. These attacks are designed to exploit the public’s fears and anxieties, making their victims an easier target.

According to the article below, many more adults and children will open a text message or direct message on average compared to an email. Malicious actors can also automate the sending of text and direct messages to thousands or even millions of phone numbers and, unlike emails, there is no viable way for a user to block or flag suspicious messages.

These scams are similar to other phishing scams. They will still instruct the user to perform actions that could be harmful. Some of these actions might include: 

• Replying to the text or direct message with personal or financial information.

• Clicking a link that downloads malicious files or directs them to a website designed to gain the users personal or financial information.

• Asking the user to call a ‘customer service’ number.

• Asking the user to wire money to the malicious actors.
  
  

Tips on how to spot and avoid smishing attacks:

• Do not click on a link or call a number from an unknown number.

• Do not submit personal information to an unknown number.

• If possible try to verify the authenticity of the message by finding the sender’s website and official contact details online. For example if a message is claiming to be from your bank, check the bank's website to find the real contact information.

• If it looks too good to be true, it probably is too good to be true.

• Delete all suspicious texts.

• If the sender has a ‘5000’ number, the message was sent via email and could be malicious.

• If the sender is anything other than a cell phone number, the message may have been sent via email and could be malicious.

• Block unknown numbers if possible.

For more information, please check out: 

https://portswigger.net/daily-swig/what-is-smishing-how-to-protect-against-text-message-phishing-scams

With so many online services associating phone numbers with a person’s identity, it is more important than ever to ensure that malicious actors cannot take control of your number. However, a growing scam called SIM swapping seeks to do just that. Using personal information found or bought online, scammers can call a cell phone service provider while posing as a customer and ask to have the victim’s number transferred to the scammer’s phone. Without the proper precautions, this can all be done without any contact with the real customer.

SIM swap scams can cause more harm than just a fraudulent phone bill. Combined with other personal information, access to a victim’s phone number can allow scammers to access a variety of online accounts, all while posing as the legitimate owner of those accounts. This could even allow access to the victim’s email and online banking accounts. It also allows scammers to bypass any SMS or phone call-based two-factor authentication.

Phone service providers have added a few security measures to help stop SIM swap scams, but they rely on you to keep them secure. First, you can set up a PIN that must be provided before a SIM swap can be completed. Your PIN should be kept private, and should not be based on other personal information, like your birthday. Additionally, you should never send a security code from your provider to the sender of an unexpected text or phone call. Scammers may pose as your service provider before or while attempting a SIM swap scam in an effort to trick you into giving up verification codes sent by your provider. If you receive a code, it is best to contact your provider directly using their official contact information, not a number sent in a text.

For more information, please see:

https://scambusters.org/simswap.html

https://www.wired.com/story/sim-swap-attack-defend-phone/

Mobile devices are now an integral part of our daily lives. They make communication and access to information incredibly convenient from virtually anywhere. This convenience can make it easy to forget that mobile devices are vulnerable to many of the same threats as computers. Here are some common risks to watch out for when using your device.

Unsecured internet connections – Free public Wi-Fi is often unencrypted, meaning other people on the network may be able to access any data you send or receive. Depending on your settings, your device may connect to these networks automatically in order to decrease mobile data use. Consider turning off this feature for more control over your data. However, wired connections in public places may not be secure either, and can be tampered with and monitored or used to send malware to your device. In either case, it is important to know where your connection is coming from and limit transmission of private and sensitive data accordingly.

Malicious apps – Downloaded apps often request a number of permissions that they claim are necessary in order for the app to function. If granted, a malicious app can easily take control of your device. To avoid this risk, only download verified apps from reputable sources, like Apple’s App Store or Google Play. For an example of a malicious app and the damage it can do, check out this article about how one app spreads ransomware:https://itsecurity.umbc.edu/critical/?id=93247.

Loss or theft – Mobile devices contain a plethora of personal data, all of which can be valuable to unscrupulous individuals. Therefore, it is just as important to use a strong password for your phone as it is for your computer. A short PIN may not be enough to stop determined thieves from stealing your data. Consider adding 2-factor authentication by enabling both the password and fingerprint recognition settings, if possible. Finally, remember that remote wiping is an option for cases where your device is permanently lost. This will allow you to delete all data remotely, preventing it from being stolen. For more information on remote wipe, seehttps://insights.samsung.com/2020/05/28/3-things-you-should-know-about-remote-wipe-2/.

For additional information, check out: 

https://cybersecurity.osu.edu/cybersecurity-you/protect-personal-devices/mobile-devices

https://www.pandasecurity.com/mediacenter/panda-security/mobile-security-tips/

Forbes posted an article of a phishing attack discovered by Abuse.ch. This attack is using a Black Lives Matter-themed email phishing campaign with the goal of having readers unknowingly install malware. The attack is said to be sending out emails with the subject “Vote anonymous about ‘Black Lives Matter’ ”. 

The email is said to contain the statement: “Leave a review confidentially about Black Lives Matter… Claim in the attached file”. If the reader clicks on the attached file it will install known at "Trickbot" onto the reader's device. 

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. As well please do not click on or download any attachments from suspicious emails, this action could put your device at risk. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.forbes.com/sites/thomasbrewster/2020/06/11/watch-out-theres-a-big-black-lives-matter-scam-about/#7449987a62d8

The image as well as original tweet from abuse.ch can be found at: 

https://twitter.com/abuse_ch/status/1270739166716989443?s=20

According to the article linked below, a recent work-from-home scam has been targeting college students. These malicious actors are targeting students via emails that appear to be sent from a college or company advertising fake work-from-home job opportunities.

The malicious actor will use these emails to obtain the students personal information. Once the malicious actor has the students information, they will send a counterfeit check instructing the students to deposit the check into their personal checking account. The malicious actor will then ask the student to withdraw the money and make a payment necessary for the job.

The article states that students who do fall victim to this scam can experience bank accounts being closed due to fraudulent activity and a report filed by the bank with a credit bureau or even law enforcement. The student would also be responsible for reimbursing the bank.

Tips to help spot and avoid these type of scams:

• Research the company first, look for a legitimate website and contact information. Try to find what others are saying about the company as well.

• If they are contacting you and claiming to be from the University, locate the sender’s information through the school website and confirm whether the offer is real or not.

• Look for bad grammar and spelling.

• Offers of employment or pay without an interview are red flags. Legitimate jobs usually want to see who they are hiring.

• Never send funds in the form of cash, check, gift cards or wire transfer to secure a job.

• If you do receive a check from a scam similar to the one above, please do not cash the check.

• If you have provided any banking or financial information to the suspected scammers, please notify your bank or financial institution immediately.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

For more information, please check out:

https://www.winknews.com/2020/06/17/work-from-home-scam-targets-florida-college-students/

With COVID-19 causing many to shop online instead of in person, many scamming websites have appeared selling fake products. The Better Business Bureau created a list of tips for shopping online safely.

• Make sure you know who you are dealing with. Check the spelling and the domain names, then google the website to see if the site has had any complaints against it.

• Scam websites usually have poor grammar and spelling, very little information, and capital letters in the middle of sentences.

• Make sure the website is using https:// at the beginning. A trusted website will have a secure domain so that your information is safe. Make sure to check the address bar for a “not secure” message as that is another red flag.

• If at all possible try to find the age of the website to see if it was recently established. Many malicious actors establish new websites in response to current events.

• Check the website's ‘about me’ and ‘contact us’ links, as many malicious actors will not take the time to fabricate a history for the brand such as you would see on a legitimate website.

• Check for the website's privacy policy to understand what personal information is being requested. If there isn’t a privacy policy that is a big red flag.

• If you receive a phishing email from a malicious actor, the Better Business Bureau says that they are usually without personalization. They say legitimate companies will usually refer to the customer by name, while malicious actors might not.

• Research the business first to make sure it is legitimate before giving them any of your personal and/or financial information.

• If the deal feels too good to be true then it probably is too good to be true.

• The Better Business Bureau recommends using a credit card when purchasing any product or service through a website. If your transaction is protected by the Fair Credit Billing Act, and you receive a defective product or it doesn’t arrive at all, you can dispute the charge and temporarily hold the payment while the credit company investigates them.

For more information, please check out: 

https://www.bbb.org/article/news-releases/22474-bbb-warning-be-careful-purchasing-from-unknown-websites-during-covid-19

https://www.bbb.org/article/tips/14040-bbb-tip-smart-shopping-online