Scammers are always inventing new ways to exploit people. However, some of the basic tactics don’t change much. The Cybercrime Support Network (CSN), in partnership with Google, has set up the ScamSpotter web site (https://scamspotter.org/) . Scam Spotter lists Three Golden Rules for spotting a scam.
Slow Down: If any organization is rushing you to act fast, this is a red flag. Take your time to get more information. Do not rush.
Spot check: Utilize the internet, search for that organization online. If you get unexpected calls, unhang up, then search to verify the phone number.
Stop, Don’t Send: Scammers are always demanding payment on the spot, A trustworthy organization would not ask you to send your credit card over texts, phone calls or emails. Scammers love gift cards. Do not send any gift cards to anyone, who you have not verified or know.
If you receive email and are not sure whether it’s a scam, please send the complete headers to security@umbc.edu. The UMBC guide to displaying complete email headers can be found at:
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
Source: https://scamspotter.org/scams
]]>With COVID-19 present in our day to day lives, malicious actors are taking this opportunity to scam people out of their personal and financial information. Recently the IRS Criminal Investigation Division (IRS-CI) has noticed various campaigns targeting Economic Impact Payments as well as other COVID-19 related scams.
The IRS-CI warns that some of these scams will offer more money from the government or even faster check delivery if the reader shares personal information and pays a small “processing fee.” The IRS warns that there are no shortcuts for stimulus checks. Malicious actors have also been trying to convince people to “apply” for a second stimulus check. According to a Forbes article, as of right now, there is currently no second stimulus check in the works.
Malicious actors are also setting up fake charities soliciting donations for individuals, groups and areas affected by COVID-19. Some malicious actors are even offering the chance to invest in companies working on a vaccine, promising that the “company” will dramatically increase in value as a result. Some are even selling fake products like at-home test kits, fake cures, vaccines, pills and giving advice on unproven treatments.
They also warn of phishing campaigns being sent out either through text or emails. These campaigns are using keywords like “Corona Virus,” “COVID-19,” and “Stimulus.” For these campaigns the IRS-CI says the malicious actors' targets are people's personal and financial information.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
For more information, please check out:
https://www.irs.gov/newsroom/irs-warns-against-covid-19-fraud-other-financial-schemes
]]>You are working from home, web browser open to whatever resources you need to write a paper, prepare a class, review a budget, or whatever else you need to get your job done. Suddenly a window you didn’t ask for appears on your screen. It may look sort of like a normal security product or perhaps it is flashing red and yellow. There may even be - no kidding - sirens. The message seared into your eyes tells you that your computer is infectedwith viruses, possibly hundreds of them. The message says your data may be stolen, or erased, or both. The message tells you that it is urgent that you click a link to buy and download an antivirus product and/or call a phone number where you will be able to buy a support contract (they just need your bank’s routing number and your account number and they will take care of the details). If you try to close this window, it wither won’t close or gets replaced by more such windows. In any case, the message is telling you that the most important thing for you to do immediately is to panic. The pop-up window is doing it’s very best to get you to act without asking any questions.
This type of malware has become quite common and falls into a class called ‘scareware’. The goal is to get you to act without thinking about what you’re doing. If the window won’t go away, turn your computer off and then back on. Some scareware is attached to your browser and will only reappear when you start whichever browser you were using before. Other scareware is installed as a program and may reappear when your computer restarts. It can be extremely annoying, but the real threat is the link and/or phone number that you are asked to use to fix the problem. DO NOT CLICK THE LINK AND/OR DO NOT CALL THE NUMBER.
General Rule: Anything, windows, email, articles, etc. that you see on your computer that seems to be trying to induce panic, is probably trying to do just that. Stay calm and think, don’t click!
Here are some references where you can find out more:
https://www.aarp.org/money/scams-fraud/info-2019/tech-support.html
https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams
https://computing.which.co.uk/hc/en-gb/articles/207101035-How-to-spot-a-fake-virus-alert
With Covid-19 causing many Americans to file for unemployment, many people are looking for jobs. Some malicious actors are taking advantage of them by creating new job scams. Here is a list of tips from Forbes to help spot potential job scams.
Malicious actors will use keywords when describing a job such as “work-from-home”, “work-at-home”, “quick money”, or even “unlimited earning potential”. A legitimate job will usually use keywords along the lines of “remote work”, “virtual work” or “telecommute job”.
Descriptions and emails for scam jobs will usually have grammatical or spelling errors, while legitimate jobs will not have major errors.
A malicious actor will want to hire very quickly, they may include keywords like “immediate hire” in the description and any communication will feel urgent. A legitimate job will usually take some time as they want to hire the right people.
If the job description seems “too good to be true” then it probably is.
Scam jobs are known for asking for an upfront fee for things like applications, background checks, employee processing or even uniforms. They could also request personal information prior to completing the hiring process. A legitimate job will only request information like tax documents after agreeing to the terms of hire.
A malicious actor will request to communicate through email or even chat rooms like Google Hangout. Their emails might even try to mimic the real company’s emails. Even if a legitimate job will contact you through websites like LinkedIn. They will not hire someone without having a phone or video conference interview.
The key to quick scams is urgency. The scammer doesn’t want you to stop and think, and certainly not to ask questions. If you are urged to act immediately and told that you will lose a good opportunity or that something bad will happen if you delay, be suspicious.
Lack of business details is another warning flag. If someone offers you a job without giving you a phone number, street address, or a link to their business to check out, be suspicious.
If the message tells you that your name was provided by UMBC, but asks you to reply from your personal email, ask yourself why they don’t want to use the UMBC email address they just used to contact you. If you see something inconsistent, be suspicious.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
For more information, please check out:
]]>Many of us lived our lives, at least in part, through computers even before telework and distance learning became the norm. You may use your computer for writing reports, designing presentations, tracking budgets, email, banking, checking medical records, filing your taxes, and dozens of other necessary work and life-related chores. Now, suppose someone took your computer and demanded a hundred dollars for its return. Suppose someone took all the computers in your office or university away and demanded thousands of dollars for their return. This is what ransomware does.
Just to be clear, no one shows up, grabs the computer, and runs out the door. During a ransomware attack, the computer is still there. The data on the computer, however, all the email, documents, spreadsheets, bookmarks and whatever else you have stored on it is unusable. It has been encrypted, and you don’t know the password. The data is, for all intents and purposes, gone.
Ransomware will leave your computer just functional enough to pop a ransom note up on the screen. The note directs the victim to pay a specified amount in cryptocurrency in return for the password. The payment will be effectively untraceable. Like most ransom situations, you have no assurance beyond the word of obvious criminals that you will get that password, or even that they have it. Two departments at Michigan State University were struck with ransomware around last Memorial Day and have announced the ransom will not be paid.
Ransomware is delivered in the same way as other malware. It usually gets a foothold when a computer user opens infected email, clicks on a malicious link, or installs software from an untrusted source. It is just as likely to strike any computer as any other malicious program.
Updating your computer regularly with security patches and installing anti-virus protection is always a good idea. The absolute best defense against ransomware, is to make a backup. If you have recent copies of your files stored somewhere other than on your computer, you can restore all your data if ransomware hits. You don’t need to backup all the information on the computer, just the information that is important and irreproducible. Documents, pictures, address lists, etc. can all be backed up, either to removable media such as a USB thumb drive or an external drive, or to cloud storage. Microsoft and Apple have both tried to make automatic backup to cloud storage as easy as possible (see Resources below). There are other options such as Box storage with Box Sync.
IMPORTANT: If you are working from home using data belonging to UMBC, there may be restrictions on where that data can be stored. Check with the Division of Information Technology (security@umbc.edu) to find out what options are available. It is essential that backups of sensitive data be protected and not breached.
Windows Backup to Microsoft OneDrive
https://www.microsoft.com/en-us/microsoft-365/onedrive/pc-cloud-backup
Macintosh Backup to iCloud
https://support.apple.com/en-us/HT204025
For more information:
https://www.insidehighered.com/quicktakes/2020/06/04/michigan-state-refuses-pay-ransom-hackers
]]>The Federal Trade Commission warns of a phishing email scam aimed at college students. The malicious actor sends emails out claiming to be from the Financial Department of the student’s university. The email tells readers to click on the provided URL to get messages about their economic stimulus check. Once readers click on the URL it will require a university login to proceed.
These emails are phishing scams and once the URL is clicked on, the reader is either giving the malicious actors their personal information or even allowing malware to be installed onto their devices.
To help spot and avoid scams similar to the one above:
If you have concerns about an email, look up a phone number or website of the sender/department that the email is claiming to be from. This helps to confirm you are calling someone who is real and not a malicious actor. If there is no contact information, it very likely is a scam.
Look out for bad grammar and spelling as this can be a tip-off that the email might be from a malicious actor.
Look out for wrong department names. For example the article found that one version of this phishing email claimed to be from the Financial Dept instead of the Financial Aid Department.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
UMBC’s Office of Financial Aid and Scholarship:
https://financialaid.umbc.edu/
For more information, please check out:
https://www.consumer.ftc.gov/blog/2020/05/covid-19-scams-targeting-college-students
]]>May 22, 2020
Next Week, Maryland will begin a state-wide effort to trace the spread of COVID-19. The effort will involve health workers making phone calls to Maryland residents. This is a very important step in identifying potential disease clusters and everyone’s help is needed.
At the same time, Maryland in general and UMBC in particular have been targets of a wide variety of scams taking advantage of people’s fears and uncertainties around this disease. It is very possible that unscrupulous people will take advantage of Maryland’s effort as a cover for phone scams. North Carolina, for instance, started a contact tracing effort last month and has gotten reports of scammers pretending to be health officials and gathering information from residents.
When you get a call, your caller ID should read “MD COVID”. You will be asked about your health and about your location and interactions within a period of time. You will be asked for your birth date, contact information, and information about any COVID-19 test if you have had one. You will get guidance about potential symptoms to watch for and about self-isolation.
You will NOT be asked for:
If anyone asks you for this or other information having nothing to do with COVID-19, please do not give it to them.
So far, Maryland has not announced that text messaging will be part of the contact tracing effort. If you receive a text message that asks you to click on a link for contact tracing, do not click it. At best, it will take you to a scam questionnaire requesting your personal information. Worse, it could download malware to your phone and start harvesting personal information itself.
New Jersey has received reports of text messages pretending to be from contact tracers and telling people that they have already had contact with a potential COVID-19 carrier. These messages also contain links which will lead to information theft and/or malware. Contact tracers don’t work like this.
Launch of Maryland’s contact tracing effort
FTC Warning about COVID-19 contact tracing text message scams
Scam Warning from North Carolina Attorney General
Warning from New Jersey state officials about text message scams
]]>DomainTools discovered that domain names associated with COVID-19 and Coronavirus have spiked in the past few weeks, and many of those domains are considered malicious. One that caught their eye was a website that offers a real-time coronavirus outbreak tracker as an Android app.
The app says that it offers many features like a heat map and other statistical data about COVID-19, but this app is instead ransomware. When downloading the app, it will ask for administrative access promising that this will allow certain types of information. If the app is given administrative access, it is given the opportunity to lock up all contacts, pictures, videos, and social media accounts unless their ransom is paid in Bitcoin. If the ransom is not paid, the attacker threatens to release all private information publicly and erase the phone's memory.
DomainTools offers tips on how to better protect against ransomware and other malware that tries to capitalize on coronavirus. They first state to be sure to only use trusted information sources from the government and research websites, and not to click on anything health related in your emails. Next they ask Android users to ensure that they download apps from the Google Play store, as third-party stores have a much higher risk of downloading malware.
For more information, please check out:
https://www.us-cert.gov/Ransomware
]]>Tripwire has released an article warning of these COVID19-related phishing scams. This article can be found at this link: https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-may-11-2020/
(Fake) Work From Home Offers
PhishLabs discovered a phishing email attack aiming to entice people laid off due to COVID-19 with a work from home opportunity. The one email they found offered $5000 a month for a fake position. If the reader replies, they are asked for personal and financial information and will be given a more detailed job description involving transfering money through the readers accounts. The malicious actors might not only steal money from the readers account, but also could use the reader as a money mule meaning that they could be held liable for the stolen money that passes through their account.
(Fake) IRS Page
Researchers at SecureWorks discovered malicious actors targeting readers with a phishing page designed to look like a tax form given by the IRS. The attack is believed to be distributed through email attacks, and the goal of this attack is stealing the readers tax information. Once the malicious actor has the information, they can then impersonate the reader on the official IRS tax form meaning that they will collect not only their tax return but their stimulus checks as well.
Impersonating Institute of CPAs
The Microsoft Security Intelligence team discovered that some digital attackers were using COVID-19 themed attack campaigns to distribute malware. One example they found showed a malicious actor impersonating the Institute of CPAs. In their emails they were claiming to be delivering COVID-19 related updates to its members as well as containing a ZIP file. The file is instead an executable that will allow the malicious actor to take control of the affected machine.
]]>Email Attacks
Tripwire has released an article warning of these COVID-19 related email scams. The article can be found at this link: https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-may-4-2020/
They report on a finding from Kaspersky Labs, where they warn of a spam email campaign informing recipients that a delivery attempt had failed because their shipment details were incorrect and the reader needs to update their details. An image of a receipt is included in the message. The receipt is too small to read easily, so the recipient will probably click on it for a better look. Clicking on the attachment will load spyware onto the user's device.
A malicious actor sent out emails urging recipients to consider donating to the World Health Organization. The email has a from address of “support@covid-19[.]world” and includes a link at the bottom saying “Help Us Fight”. Clicking the link will take the reader to a malicious domain help-who[.]com. For readers to donate they must click on the embedded link which allows the malicious actors to steal the reader’s payment information.
Finally the article reports that IBM X-Force discovered a phishing email campaign that seemed to be from the US Department of Labor. The email states they have made changes to the “Family and Medical Leave of Act” as a result of COVID-19. This email then asks readers to review the attached word document. The attachment will install malware which puts the reader’s computer under the control of a botnet.
]]>