Expect to see and/or hear about fake vaccine scams in the coming weeks.  The scams will differ in intent.  Some will encourage you to use your credit card or bank account to send the scammers money in order to assure vaccination quickly.  Others may simply ask you to fill out an online form with lots of personal information.  Some may even offer you a work-from-home job calling people about vaccination.  Whatever the scam is, the COVID-19 vaccine will be the bait.

From the FBI

Special Agent in Charge Timothy Thibault recently told ABC News:

"What we would say to the public is to be leery of and be on guard for scams related to telemarketing, malicious websites or emails where people are taking advantage of the initial supply-and-demand problem"

From the Department of Health and Human Services (DHHS)

The DHHS Office of Inspector General issued an alert earlier this month warning:

• Be vigilant and protect yourself from potential fraud concerning COVID-19 vaccines. You will not be asked for money to enhance your ranking for vaccine eligibility. Government and State officials will not call you to obtain personal information in order to receive the vaccine, and you will not be solicited door to door to receive the vaccine.

• Beneficiaries should be cautious of unsolicited requests for their personal, medical, and financial information. Medicare will not call beneficiaries to offer COVID-19 related products, services, or benefit review.

• Do not respond to, or open hyperlinks in, text messages about COVID-19 from unknown individuals.

• Be aware of scammers pretending to be COVID-19 contact tracers. Legitimate contact tracers will never ask for your Medicare number, financial information, or attempt to set up a COVID-19 test for you and collect payment information for the test.

• If you suspect COVID-19 health care fraud,report it immediately online or call 800-HHS-TIPS (800-447-8477).

Spotting Scams

There are two important components to any scam.  First, the scammer must offer to provide you with something you very much want, or to prevent something you very much don’t want.  Second, the scammer will create a sense of urgency to discourage you from doing any background check or even from thinking too hard about the offer.

If you receive email, phone calls, text messages, or anything else that appeals to your hopes and fears and tries to create a sense of urgency, be suspicious.  The more urgent it seems, the more you need to check out the source.

For more information about spotting potential COVID-19 scams, please visit:

• https://scamspotter.org

• https://www.washingtonpost.com/business/2020/12/14/covid-19-vaccine-scams

• https://my3.my.umbc.edu/groups/itsecurity/posts/98136

If you do receive any email that you suspect is a scam, please do not even click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. If you are a member of the UMBC community, please forward the message (with the email headers - see here for instructions)) to security@umbc.edu. 

References and Links to More Information

• https://abcnews.go.com/US/fbi-warns-covid-19-vaccine-scams/story?id=74631650

• https://oig.hhs.gov/coronavirus/fraud-alert-covid19.asp

• https://www.washingtonpost.com/business/2020/12/14/covid-19-vaccine-scams/

• https://www.aarp.org/money/scams-fraud/info-2020/coronavirus-vaccine-scams.html

• https://www.fda.gov/consumers/consumer-updates/beware-fraudulent-coronavirus-tests-vaccines-and-treatments

The article linked below lists a few tips on how to identify phishing scams in your daily life or while you are working. Here is a short list of some clues to help identify phishing emails.

• The email address does not match business name or location. With many phishing emails if you look closely at the FROM address, you might notice misspelling  or even something that doesn’t match the organization at all. One type that has been seen at UMBC are scammers having an email that ends with <.umbc@gmail.com> to try and trick users into thinking it is from a UMBC source.

• A sense of urgency. Many phishing emails will have a sense of urgency that are created to distract the user from the emails true intentions. The idea is that the victim is too preoccupied with getting the action completed to see that it is a false request.

• Uncommon request from someone within the organization. Is this email coming from someone you do not normally work with? Would they normally be asking you to help complete this task or project? 

• Poor grammar and spelling. Many times the true sign of a suspicious email are common words being misspelled. There could also be capitalizations in almost random spots of a sentence and the spacing between words might be off.

Phishing scams are not the only tactics that are used by malicious actors. Many are impersonating or creating fake charities and using social media to further expand their campaign. Twitter has been seeing many of the “send me $1 and I will send you $2” scams as well as an increase in scams promoting bitcoins.

With charities, malicious actors are creating seemingly wholesome and thorough charity websites or social media profiles to target those who want to help. These scams often come as telemarketers or prompted phone calls. If you would like to give to an organization please do your research before giving any personal or financial information.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

For more information, please check out: 

https://securityboulevard.com/2020/08/identifying-covid-19-phishing-scams/

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

How It Works

Not all job scams are identical, but those we have seen follow the general pattern described here.

You may see scams arrive as text messages, email, or in almost any other form possible.  The messages are all similar.  You are told that the sender has some association with your school and that you have been selected to apply for a work-from-home position.  You are asked to contact the sender and/or go to a website to provide personal information, including name, address, phone number, email address, and possibly Social Security Number.  Some scammers go to considerable effort to appear legitimate.  They may have set up a website.  They may even use the names of real people from real companies. One very through scam earlier this year took names and photos from the website of a real company and used it to set up their own website.

Once you have accepted the position, you will be provided with either a check or a picture of a check to print out and be directed to deposit it into your checking account.  At the same time, for whatever reason, you will be told to transfer some of your own money (check, wire transfer, etc.) to someone else.  For instance, if the check you get is for $1000.00, you may be told to deposit it and immediately send $700.00 to someone else, keeping the remaining $300.00 as your payment for the work.  The check for $1000.00 turns out to be a fake and is rejected by your bank.  You have just lost$700.00.  The scammer you have been working for will stop responding.  Any contact information you have will no longer be valid.  

Some Examples

E-mail message

What to do

If you do receive anything like the offers above, even if you are not sure, , please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers - see link below) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers if you receive a text message from the scammer.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970 

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.  

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19 

Recently DoIT was notified of a job scam email campaign from a compromised UMBC email account. The email has the subject line “WorkStudy!” and is presenting a fake job offer to the user. Below is an example of the job scam email, with the name and email of the From and To removed for privacy reasons.

Please note that the email is coming from a compromised UMBC account but the reply-to in the headers is set to <careerjobsdepartment@outlook.com>. This means that if the user responds to the email they would not be responding to the UMBC email but instead the scammer directly at <careerjobsdepartment@outlook.com>.

If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

Below is an example of a scam email that has recently been reported to DoIT. The email below the scammer tries to impersonate a member of the UMBC by setting the From email name to that of a UMBC email user. The name has been removed for privacy reasons. 

This recent phishing attempt has the scammer trying to impersonate a member of the UMBC. These emails are a bit more personalized with the scammer saying “Hello <Users Name>” as well as having the impersonated name at the bottom of the email in the email’s signature.

This email does show some red flags of being a phishing email. First, the email itself is coming from a Gmail account and not a UMBC email account. Second, the email itself has a sense of urgency, urging the user to respond at the “earliest opportunity.”

If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

DoIT has recently been notified of a job scam coming from a compromised UMBC email account, below is an example of that message that was being sent. The subject line of the job scam email is “_Available.” The name and email address of the From and To users were removed for privacy reasons.

Please note that the email above is coming from a UMBC email account, but within the email headers it shows that the reply-to is set to a <charlenabolinlyco21@gmail.com>. This means that if the user tries to respond to this email they would not be emailing the compromised UMBC account but instead the scammer directly at <charlenabolinlyco21@gmail.com>.

If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

Tracking Code Scam

The Better Business Bureau warns of a scam where malicious actors aim to deceive online shoppers into paying for goods that do not actually exist. This is done by the scammers creating fake websites that are selling products with great deals, usually selling brand named goods at a significant discount.

If the user decides to take a chance and make the purchase, the site is said to instruct the user to pay through PayPal. After checkout the user will receive a tracking number from UPS, FedEx, or another shipping service. After awhile if the user checks the package is said to be delivered but to the wrong address.

If the user tries to contact the website they will learn that the site is either unresponsive or unhelpful. Some cases, the site does not even provide contact information and in others they just do not respond to any emails or calls.

Some of the victims of this scam reported filing a claim with PayPal for their money back but because the scammer technically shipped the package and the tracking number marked it as delivered, PayPal was rejecting their claims.

The articles linked below gives some tips on spotting Package Delivery Scams and other online shopping related scams:

• Before paying, know your rights and responsibilities. In any type of scam, scammers might try to take advantage of what consumers do not know when it comes to processing payment. Do not make a purchase from any seller that seems suspicious and do not assume that you’ll be protected no matter what.

• Before buying online, confirm the site has real contact information. Make sure the seller has a working phone number and address on the website, so you can contact them in case of a problem.

• If the price seems too good to be true, then it probably is. Be wary if the item is selling for significantly lower than what you have seen elsewhere.

• Make sure you know who you are dealing with, they advise you check the spelling and the domain names. As well as to google the website to see if the website has had any complaints.

• Scam websites usually have poor grammar and spelling, a lack of information, and capital letters in the middle of sentences.

• Make sure the website is using https:// as a trusted website will have a secure domain so that your information is safe. Make sure to also check the address bar for a “not secure” message as that is another red flag.

• Check for the website's privacy policy to understand what personal information is being requested. If there isn’t a privacy policy that is a red flag.

• Research the business first to make sure it is legitimate before giving them any of your personal and/or financial information.

For more information, please check out: 

https://www.bbb.org/article/scams/21097-scam-alert-tracking-code-trick-costs-online-shoppers

https://www.bbb.org/article/news-releases/22474-bbb-warning-be-careful-purchasing-from-unknown-websites-during-covid-19

https://www.bbb.org/article/tips/14040-bbb-tip-smart-shopping-online

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

A phishing attack urging users to download undelivered emails was reported to DoIT Security this week. Here is an example of the malicious message.

From: "umbc.edu System Administrator" <admin@secureserver.net>

Subject: You have 4 undelivered emails. Download them now

Date: 03 Sep 2020 14:40:40 +0800

Undelivered Mail Notification

Email account: (redacted)@umbc.edu

Time of error 9/3/2020 2:40:40 p.m.

Due to a recent configuration error, some of your emails have not been properly synchronized with your mailbox. Login below to clear this error and download your mails.

Download your emails

If you do not retrieve your undelivered emails now, they may be lost forever.

umbc.edu Email Server

The link to “download” undelivered emails leads to a website which prompts users to enter their UMBC credentials, potentially giving malicious actors access to victims’ UMBC accounts.

Notice the warning signs in this email. First, check the sender address, and notice that the supposed "umbc.edu System Administrator" is not using a umbc.edu address. Next, check the time and time zone of the message. The time zone UTC+0800 is used in China and parts of Australia and Russia, for example, but not anywhere that a legitimate email about your UMBC account would likely originate. Finally, be wary of unexpected emails requiring immediate action. Malicious actors try to induce panic to make victims act before thinking about the risks.

See a similar email reported at the University of North Carolina at Chapel Hill:

https://its.unc.edu/phish-alert/you-have-9-pending-emails-download-them-now/

If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

On June 19, 2020 an online antique Marketplace, LiveAuctioneers, suffered a data breach. Approximately 3.4 million records were leaked. The records include names, email and IP addresses, physical addresses, phone numbers and passwords stored as unsalted MD5 hashes.The information was sold online and redistributed to a hacking forum. 

29 UMBC accounts were victims of this breach. The victims are being notified via their UMBC emails and/or their alternate emails. If you have a LiveAuctioneers account, please contact them to see if you have been affected by this breach. To see if you were involved in any other breach visit: https://haveibeenpwned.com/.

More about LiveAuctioneers data breach:

https://www.bleepingcomputer.com/news/security/liveauctioneers-reports-data-breach-after-user-records-sold-online/

https://portswigger.net/daily-swig/liveauctioneers-data-breach-millions-of-cracked-passwords-for-sale-say-researchers

If you have any questions or concerns email us: security@umbc.edu 

Information about this breach was provided to us by Have I Been Pwned(HIBP). 

_____________________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Need to set up a recovery email for your UMBC account?

Follow the instructions here: https://my3.my.umbc.edu/groups/itsecurity/posts/94776

With Covid-19 being something we all face in our daily lives, malicious actors are not giving up on scamming people out of not only their personal and financial information, but are also trying to get their victims’ money or even just installing a malicious software onto their victim’s devices.

The article linked below from Forbes is a good reminder that there are still many types of Covid-19 themed threats from phishing scams to fake websites.

Phishing Scams

Phishing emails are one of the biggest scams out there. As time goes on the scammers get more and more creative with their phishing techniques. With many people worried about Covid-19 and working from home, scammers are posing as loan specialists, health officials, and national authorities. For example, some scammers send emails that appear to be from the World Health Organization (WHO) or the Center for Disease Control and Prevention (CDC).

Here are some tip to look for to try and spot a phishing email:

• Unfamiliar email address

• Generic greetings

• Spelling and grammatical errors

• Sense of urgency or demand for immediate action

• Request for banking or personal information
  
  

At UMBC we see phishing emails with scammers saying that they are from places like Cisco or Corestaff trying to give work from home opportunities to students. We have also seen attempts in which a compromised umbc account will be used to send out phishing emails. For more information on these scams or other tips please check out the DoIT security articles which are linked below.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

Bogus Websites

Another common scamming technique is the use of fake websites. Scammers will provide a link to these websites in their phishing emails to make the scam more believable. The scammer tries to make the website look as legitimate as possible. They may do this by using similar domain names such as <www.umbc.net>; instead of <www.umbc.edu>;.

There are ways to try and make sure the website you are visiting is legitimate. Before you click, check the link! If you move your cursor over the link without clicking, the real link address should appear at the bottom of your browser. 

Here are some other tips to help verify that a website is legitimate:

•  Check to see if the website has a secure connection, this can be seen at the top left of the search bar where there is a little lock icon.

• Look for https in the URL instead of http, (the s stands for secure).

• Verify the website's privacy policy if possible.

• Check for contact information on the website, if there is no privacy or contact information that is a big red flag.

• Watch out for signs of malware, meaning suspicious pop-ups and fake-looking ads.

Fake Advertisements

Similar to the creation of fake websites, scammers are creating fake ads. Scammers use fake ads to trick people into providing information for things like Covid-19 loans and stimulus checks. 

Just as with phishing emails, these ads will have a sense of urgency to them. Using terms like “Act now before funds run out.” The important thing to remember here is to not click on ads on unfamiliar websites and pages. Please do not give out personal or financial information online if the person or site that you are giving it to is not secure and trusted.

Phony Phone Calls and Texts

Phishing campaigns are not limited to emails, but can appear in phone calls, text messages, and direct messages (DMs) on social media sites like Facebook and Twitter. If you receive a strange message or voicemail from an unknown sender or caller, do not respond or click on any links.

For text messages and DMs, use the same precautions as with phishing emails. Do not click on links from unsolicited messages, watch out for spelling and grammatical errors, and do not provide any personal or financial information.

For more information on tips to help protect against phishing scams done over text or DMs (also known as “smishing”) please check out this article: https://itsecurity.umbc.edu/critical/?id=94345.

When it comes to phone calls, use caution. Do not give away any personal or financial information over the phone, especially your Social Security number or bank account information. If you feel the call is suspicious, hang up. If the scammers are claiming to be from a company or a bank and you feel the call is suspicious, do not interact try to find the actual customer service number from the company’s website, to confirm if the call was legitimate or not.

For more information, please check out: 

https://www.forbes.com/sites/mikekappel/2020/08/05/cybersecurity-threats-during-covid-19/#68b36c80113c

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19