Recently, the Division of Information Technology(DoIT) received multiple reports of a job phishing email. The scammers sending these emails are impersonating Professor Mendelson of the Department of Biological Sciences. Below is an example of such an email. For privacy purposes, we removed the To field.

Please note that the Biological Sciences Department or Professor Mendelson did not send this message. Three visible red flags in this email are:

1. The From address is not a UMBC email. If the Biological Sciences Department or Prof. Mendelson were sending this email, the From address would have been a UMBC email address. However, it was sent from <majorodstanley@gmail.com>, which is not a UMBC affiliate. Please note that it could have been spoofed, even if it appears to originate from a UMBC email. Therefore, always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a completely different email when you see a conflict in the address.

2. Whatsapp number.  A lot of scammers will ask for your WhatsApp number. If their number gets reported, they could easily create a new one. The same can be said for an email address; however, if their email is blocked, they will lose responses from other phishing email recipients. If you ever receive a job offer asking for a WhatsApp number or a phone number in general,  BE SUSPICIOUS!

3. The email template. This template is very common. After a quick Google search, we found a few Job scams articles with the same template. So if you are ever in doubt, Google it! UMBC will not use a known phishing template to offer you a job opportunity.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

In 2020, the 3D model sharing service Thingiverse suffered a data breach. On October 13, 2021, the data compromised in the breach was posted in various hacker forums. This breach contained data for approximately 228 thousand customers. The information included usernames, email addresses, names, passwords, IP addresses, and geographical addresses.

The compromised data was shared in an online hacking forum. Four UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a Thingiverse account, please contact them to see if you have been affected by this breach.

To see if you were involved in any other breach, visit: https://haveibeenpwned.com/.

More about Thingiverse data breach:

https://www.databreachtoday.com/thingiverse-data-leak-affects-25-million-subscribers-a-17729

If you have any questions or concerns, email us at: security@umbc.edu.

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

The UMBC Department of Information Technology (DoIT) received a report of spam invoking former President Trump, collectible coins, and the security-focused Telegram messaging system.  See  the example below:

Excerpt:

Account data breach: LinkedIn 

In April 2021, an employment-oriented online service, LinkedIn, was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online. Whilst the scraping did not constitute a data breach, nor did it access any personal data not intended to be publicly accessible, the data was still monetized and later broadly circulated in hacking circles. The information included education levels, email addresses, genders, geographic locations, job titles, names, social media profiles. No financial information was leaked.

2029 UMBC accounts were victims of this scrape. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a LinkedIn account, we suggest changing your password there and anywhere else that you used the same password.

To see if you were involved in any other breach, visit: https://haveibeenpwned.com/.

More about LinkedIn  data breach:

https://www.businessinsider.com.au/linkedin-data-scraped-500-million-users-for-sale-online-2021-4

https://news.linkedin.com/2021/june/an-update-from-linkedin

If you have any questions or concerns, email us at: security@umbc.edu.

Information about this scraped was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

The Division of Information Technology( DoIT) recently received reports about a phishing email impersonating Dr. Hrabowski. Below is an example of such an email. We removed the recipient’s information for privacy reasons.

This email originated from <msgrenaway7511@gmail.com>, which is not Dr. Hrabrowski’s email nor a UMBC email. So even though we would all love to have a chat with Dr. Hrabrowski, this is too good to be true.

If you have received any message similar to the one listed above, DO NOT RESPOND. Instead, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

The Division of Information Technology (DoIT) recently received reports of a new form of phishing campaign. This campaign informs recipients that they have “# new pending incoming emails” where # represents some actual number.  Below are examples of the different kinds of emails that we received. We removed the recipients’ information for privacy purposes.

This example originated from <noreply-mailbox@umbc.edu>, which looks like a UMBC account; however, this account was spoofed. An outside person created this @umbc.edu email for phishing purposes. 

Below is another similar email that is spoofed. It originated from <cpanel@umbc.edu>, which is also not a UMBC account.

The links in both of these emails will take you to separate domains https://sign-in-verification-929bb.web.app and https://firebasestorage.googleapis.com respectively. The links in these emails will ask you to sign in. By signing in, they will be able to steal your passwords. 

Below is a copy of the https://sign-in-verification-929bb.web.appwebsite. The Firebase page has been removed.

If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE YOUR PASSWORD.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

The Division of Information Technology( DOIT) recently received reports of a ‘file transfer’ phishing campaign. Below is an example of this phishing email. We removed the To field for privacy purposes.

This example originated from <offices@mekre-net.uno>; however, there are several more senders: 

• <noreply@wetransfer.com>

• <revor@secaipl.club>

• <pombhurna.de@mahapwd.com>

If you receive a similar email, please forward it immediately to: security@umbc.edu along with the headers.

At first glance, the download link seems to originate from Wetransfer.com, however if you look closely, there is a comma between Wetransfer and com: 

Another flaw in the link is that copying the link address will take you to a completely different domain, https://firebasestorage.googleapis.com. Below is the full link and its website.

This format is similar to a previous phishing email. However, the background is different, and the link takes you directly to https://firebasestorage.googleapis.com and asks you to log in.

If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE your password.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

In September 2021, Thai-based English language teaching website, Ajarn, learnt that they suffered a data breach back in September 2018. This breach contained data for approximately 266 thousand Ajarn customers. The information included email addresses, names, genders, phone numbers, dates of birth, education levels, genders, geographic locations, job applications, marital statuses, nationalities, passwords, and profile photos. No financial information was leaked.

Two UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have an Ajarn account, please contact them to see if you have been affected by this breach.

To see if you were involved in any other breach, visit: https://haveibeenpwned.com/.

More about Ajarn data breach:

https://www.ajarn.com/data-breach

If you have any questions or concerns, email us at: security@umbc.edu.

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Normally, these posts warn of various types of fraud and misdirection that try to mislead victims into giving up personal information and/or money.  The Division of Information Technology (DoIT) encourages and appreciates vigilance and caution among members of the UMBC community.

That said, there are occasions when messages are sent out to account holders asking them to click on a link or fill in a form are legitimate.  DoIT received a report about a message that appears to be a legitimate request to participate in a survey about intercultural development at UMBC.  After investigation, we have established that the message is exactly that!  If you receive such a message (see excerpt below), please feel free to respond.  The survey is overseen by Dr. Irina Golubeva and Dr. Jasmine A. Lee of the Division of Students Affairs.

We appreciate your mindfulness and ask you to continue taking care in the future.  E-mail and text message scams surged at the start of the COVID-19 lockdown and show no sign of abating.  As always, if you have a question about the validity of any message you receive at your UMBC email address, please contact us at security@umbc.edu.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

_________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.

Recently, the Division of Information Technology(DOIT) received multiple reports of a job phishing email. The scammers sending these emails are impersonating Professor Cheah of the Department of Psychology. Below is an example of such an email. For privacy purposes, we removed the To field.

Please note that the Psychology Department or Professor Cheah did not send this message. Three visible red flags in this email are:

1. The From address is not a UMBC email. If the Psychology Department or Prof. Cheah were sending this email, the From address would have been a UMBC email address. However, it was sent from <timothyj.sloan2@gmail.com>, which is not a UMBC affiliate. Please note that it could have been spoofed, even if it appears to originate from a UMBC email. Therefore, always check with DoIT(security@umbc.edu) or email/contact the impersonated person on a completely different email when you see a conflict in the address.

2. Whatsapp number.  A lot of scammers will ask for your WhatsApp number. If their number gets reported, they could easily create a new one. The same can be said for an email address; however, if their email is blocked, they will lose responses from other phishing email recipients. If you ever receive a job offer asking for a WhatsApp number or a phone number in general,  BE SUSPICIOUS!

3. The email template. This template is very common. After a quick Google search, we found three Job scams articles with the same template. So if you are ever in doubt, Google it! UMBC will not use a known phishing template to offer you a job opportunity.

For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

______________________________________________________________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.