The Cybersecurity and Infrastructure Security Agency (CISA) announced a new phishing email campaign spoofing the Small Business Administration (SBA). This email has the subject “SBA Application – Review and Proceed” and contains a link to a fake SBA website login page, allowing scammers to harvest credentials from unsuspecting victims. Here is an image of the malicious site, provided in CISA’s alert.

For more information, including a list of known sender addresses and URLs, please see the original alert athttps://us-cert.cisa.gov/ncas/alerts/aa20-225a.

If you receive any suspicious email, please do not respond or click any links. Instead, forward the message and full headers to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

DoIT Security has received a new variation of a classic get-rich-quick scam, this time claiming to be from a Powerball winner who wishes to distribute millions of dollars, supposedly to lessen the impact of COVID-19. Over 5000 UMBC addresses received emails from this sender, most likely containing the same message.

From: "Bill and Helene" <kkt-co@beige.plala.or.jp>

Subject: We Have Private For Donation

Date: Tue, 11 Aug 2020 14:26:21 +0900

--

The Corona Virus (COVID-19) Outbreak isn't just a major health

crisis -- It's also a large economic disruption leading to people

Losing their Jobs and making it harder to take care of their

Families.

We know that a little financial support can go a Long Way.

I'm Bill Lawrence from Sacramento California the Winner of 150 million

United State Dollars Jackpot from the Power ball lottery held on

December 16, 2019. My Jackpot was a gift from God to me.

Hence my entire Family has agreed to do this.

We are donating $75 million to Help individuals and Small Scale

Businesses around the world.

I write to inform you that Google in alliance with Microsoft and Yahoo has submitted your

"Email" to my request to receive a donation amount of $5,000,000

Please accept this Token as a Gift From me and My Family.

We await your urgent response Via email heleneandbill97@gmail.com

Bill and Helene Lawrence

https://www.powerball.com/winner-story/150-million-powerball-ticket-claimed

Messages like these, which promise large amounts of money, are most likely advance-fee scams. Also known as Nigerian Prince scams, or 419 scams, advance-fee scams promise a large amount of money that can be claimed after paying a comparatively small fee. After a victim pays the fee, the scammer may claim to need another fee, or may vanish. Either way, victims will never receive any money in return.

In addition to the irregular grammar and capitalization, note the From address with a .jp domain, and the time zone, UTC+0900. Both of these indicate that the message originated in Japan, not California. Although the URL provided appears to be legitimate, it does not indicate that the message is really from the Powerball winner. It is always best not to click links in suspicious emails, as they may contain malware, steal personal information, or, as in this case, simply provide misleading information when used in the context of a scam email.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DoIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.

In  the article linked below, the Better Business Bureau is warning of government imposter scams. In these scams, a malicious actor will call or even message the victim claiming to be from a government agency. Their goals are usually to steal the victim’s personal and financial information, to steal the victim’s  money or or to persuade the victim to install malware. 

According to the article, most Americans have encountered this scam before. Research done by the Better Business Bureau found that the Social Security Administration, Service Canada, the Internal Revenue Service (IRS) and the Canada Revenue Agency are among the most impersonated.

Some examples of Social Security-related impersonation scams:

• Increase a benefit: In this scam the malicious actor will claim that the victim is eligible for increased benefits, typically due to a cost of living increase. The malicious actor will request bank account details so that the money can be deposited into the victim’s account. Once the malicious actor has the banking information they are able to steal money from the account.

• Restoring Social Security Number: Some malicious actors will claim the victim's Social Security Number has been suspended. The malicious actor will ask the victim to pay for it to be restored. They may also ask for the victim's Social Security account information, which allows them to apply for benefits under the victims name.

• Social Security Number used in a crime, in this scam the malicious actor will threaten arrest if the victim does not respond immediately.
  
  

When the IRS is used as a cover instead of the Social Security Agency the scams vary, though they have many similarities to the Social Security scams.  For instance,  the malicious actor may claim to be an IRS agent and threaten the victim with arrest for unpaid taxes or even fraud. 

The only way to avoid being arrested, the victim is told,  is by paying a fine (or the unpaid taxes) immediately.  Victims are told to buy gift cards and to provide the caller with the number on the back of each card. But of course these threats are fake, and these are just scammers trying to use fear to get the victims money or information. 

Just as with phishing scams, the malicious actors follow the headlines and change their scams with thet latest news. During the Covid-19 pandemic and after the passage of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, scammers started to claim to be from the CDC or the United States Treasury Department in order to manipulate and steal personal and financial information from victims.

Some examples of Covid-19 related impersonation scams are: 

• Relief benefits: Malicious actors claiming to be from the IRS and offering to expedite benefits under the CARES Act.

• Fake donations: Malicious actors claiming to be from the CDC requesting donations. Email and text messages making these claims may arrive with malware or URLs that could cause harm to the victim's device.

• Contact tracing scams: Email, texts, or messages on social media claiming to be from contact tracers informing the victim that they have come in contact with someone who has tested positive for Covid-19. These scammers seek personal information and/or send messages that may contain malware. For official information on contact tracing efforts in Maryland please visit https://coronavirus.maryland.gov/pages/contact-tracing.

Scammers have also threatened arrest for missing jury duty, impersonated immigration officials threatening to deport the victim, and offered free money in the form of government grants.

Some red flags to watch for to see if the person claiming to be from a government agency is actually a malicious actor:

• The IRS generally first contacts people by the postal mail. Never provide your bank account or other personal information to anyone who calls you.

• Don’t pay by gift cards. The IRS and other government agencies will not idemand or even accept payment using iTunes cards, gift cards, prepaid debit cards, money order, bitcoin or cash.

• The IRS will never request personal or financial information by email, text, or any social media platform. Do not click on any links in unsolicited emails or text messages.

• Social Security numbers are never “suspended”.

• Caller ID cannot be trusted to confirm that the source is from a government agency. Look up the phone number for the agency and call to see if they are really trying to contact you.

• The Social Security Administration will never threaten to arrest you because of an identity theft problem. 

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.bbb.org/article/news-releases/22775-government-impostors-study

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

In the article linked below, BBC News warns of different Covid-19 themed frauds and scams. Many malicious actors follow the headlines just like the rest of us, and when they see a crisis like Covid-19, they take the opportunity to jump on the fear and try to scam as many people as they can. 

The article warns of these scams to be wary of:

• Covid-19 Financial Support Scams

• Fake government emails, which look to be from a government department and offer financial grants. The emails contain a link which can steal both personal and financial information.

• Scam emails offering access to a “Covid-19 relief fund”, and encouraging users to fill in a form and hand over personal information.

• Official-looking emails offering “tax reductions.” The email is reported to contain a link that takes users to a fake government website which can harvest users personal and financial information.

• E-mails offering to help Benefit recipients in applying for universal credit, but which fraudsters will grab some of the payment as an advance for their "services".

• Email about claiming fake school meal funds and fake government grants.
  
  

• Health Related Scams

• Phishing emails claiming that the user has been in contact with someone who has been diagnosed with Covid-19. The links lead to fake websites that are used to steal personal and financial information or even infect the device with malware.
  For official information on contact tracing efforts in Maryland please visit https://coronavirus.maryland.gov/pages/contact-tracing.

• Fake ads for non-existent Covid-19 related products, such as hand sanitizer and face masks. They simply will take the users’ money and send them nothing.

• Offers of fake Covid-19 test kits and hand sanitizer, or even products claiming to treat or prevent Covid-19.
  
  

• Social Distancing Related Scams

• Fake emails and texts claiming to be from “TV Licensing”, telling people they are eligible for six months of free TV because of Covid-19. Users are then told there has been a problem with their card and are asked to click on a link that takes them to a fake website designed to steal users persona and financial information.

• Emails asking people to update their TV subscription services payment details by clicking on a link which is designed to steal credit card information.

• Fake profiles on social media sites designed to try and manipulate users into giving them their money. 

• Fake investment advertisements on social media sites encouraging users to “take advantage of the financial downturn.” Bitcoin platforms are using emails and adverts on social media platforms to encourage users to put money into fake companies using fake websites.

• Malicious actors cold-calling home residents offering to do shopping errands.

• Messages telling the user that they have been fined for leaving their home more than once a day. Links in these messages are designed to steal a victim’s personal and financial information or to install malicious software onto the user’s device.
  
  

• What We See at UMBC

• At UMBC, DoIT is getting reports of work-from-home phishing emails. These phishing emails follow a similar pattern of offering a work-from-home opportunity and ask for personal information like personal email and home address. They will then send a fraudulent check to the user which should not be cashed. 

• Recently DoIT has also seen phishing emails attempting to impersonate UMBC staff and asking for gift cards or phone numbers.

For more information on these and other phishing attempts at UMBC please visit the DoIT Security page which can be found here https://itsecurity.umbc.edu/.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please visit: 

https://www.bbc.com/news/business-53573408

To read more articles published by DoIT Security please visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

Fake Covid-19 Fund Scam

The FTC posted an article warning of a phishing scam that they recently discovered. In this scam, the malicious actor is sending email claiming to be from the FTC and saying that users could get money from a Covid-19 “Global Empowerment Fund.” All that is required of the user is to respond with their bank account information.

This email is a scam.  It is not from the FTC, there is no money and there is no fund. The FTC says that they will never contact you by phone, email, text message, or by social media to ask for financial information, this includes your social security number. They also state that any stimulus checks will be from the IRS , not the FTC.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.consumer.ftc.gov/blog/2020/06/fake-emails-about-fake-money-fake-covid-19-fund

With COVID-19 and associated restrictions remaining prevalent, many malicious actors have used the opportunity to update their phishing email campaigns. The article linked below explains some of the ways malicious actors try and trick people into giving up their information or even into installing malware.

The article states that many of the emails will use subject lines like coronavirus, work reopening, rescheduled meetings, stimulus payments, and new vacation policies. Malicious actors also craft themed emails to look like popular social media sites like Facebook and LinkedIn.

For LinkedIn they noticed subject lines "You appeared in new searches this week," "People are looking at your LinkedIn profile," "Please add me to your LinkedIn Network," and "LinkedIn Password Reset."

 Facebook sees phishing emails using subject lines like "Your Friend Tagged a Photo of You" and "Your friend tagged you in photos on Facebook." Phishing campaigns from Twitter were said to try and entice people with subject lines similar to "Someone has sent you a Direct Message on Twitter."

Other subjects included "A login alert for Chrome on Motorola Moto X," "New voice message at 1:23AM," and "55th Anniversary and Free Pizza". The article also describes some general subjects to look out for:

• Password Check Required Immediately

• Vacation Policy Update

• Branch/Corporate Reopening Schedule

• COVID-19 Awareness

• Coronavirus Stimulus Checks

• List of Rescheduled Meetings Due to COVID-19

• Confidential Information on COVID-19

• COVID-19 - Now airborne, Increased community transmission

• Fedex Tracking

• Your meeting attendees are waiting
  
  

According to the article, the most common subject lines within phishing emails found “in-the-wild” in the last quarter were:

• Microsoft: Abnormal log in activity on Microsoft account

• Chase: Stimulus Funds

• HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines

• Zoom: Restriction Notice Alert

• Jira: [JIRA] A task was assigned to you

• HR: Vacation Policy Update

• Ring: Karen has shared a Ring Video with you

• Workplace: [company_name] invited you to use Workplace

• IT: ATTENTION: Security Violation

• Earn money working from home
  
  

At UMBC some of the most common subject lines for phishing emails seen recently have been “UMBC JOB OPPORTUNITY”, “CORNERSTONE STUDENT JOB OFFER”, “CORNERSTONE JOB OFFER”, “UMBC COVID-19 INFORMATION”, “UMBC COVID-19 PART TIME JOB OFFER” and “WORK FROM HOME.”

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.techrepublic.com/article/watch-out-for-these-subject-lines-in-email-phishing-attacks/

According to the article linked below, a recent work-from-home scam has been targeting college students. These malicious actors are targeting students via emails that appear to be sent from a college or company advertising fake work-from-home job opportunities.

The malicious actor will use these emails to obtain the students personal information. Once the malicious actor has the students information, they will send a counterfeit check instructing the students to deposit the check into their personal checking account. The malicious actor will then ask the student to withdraw the money and make a payment necessary for the job.

The article states that students who do fall victim to this scam can experience bank accounts being closed due to fraudulent activity and a report filed by the bank with a credit bureau or even law enforcement. The student would also be responsible for reimbursing the bank.

Tips to help spot and avoid these type of scams:

• Research the company first, look for a legitimate website and contact information. Try to find what others are saying about the company as well.

• If they are contacting you and claiming to be from the University, locate the sender’s information through the school website and confirm whether the offer is real or not.

• Look for bad grammar and spelling.

• Offers of employment or pay without an interview are red flags. Legitimate jobs usually want to see who they are hiring.

• Never send funds in the form of cash, check, gift cards or wire transfer to secure a job.

• If you do receive a check from a scam similar to the one above, please do not cash the check.

• If you have provided any banking or financial information to the suspected scammers, please notify your bank or financial institution immediately.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu. 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970  

For more information, please check out:

https://www.winknews.com/2020/06/17/work-from-home-scam-targets-florida-college-students/

Contact tracing is an integral part of the fight against COVID-19.  It speeds response, identifies potential hot spots, and focuses testing efforts.  Unfortunately, it also creates an opportunity for scammers to deploy two of their most powerful tools, impersonating authority and a sense of urgency.

A North Carolina news station conducted an information test by calling a producer's friends and using a script based on CDC recommendations.  

After the initial greeting and confirmation of the subject's name and birth date, the script abandoned the CDC guidelines and started asking for the subject's Social Security number, home address and other personal information.  These questions are presented as necessary to 'confirm' the subject's identity.  In fact, they are the basic elements of identity theft.  Several of the attempts were successful in getting a complete picture of the subject's personal information.

In another part of the same segment, the station interviewed an IT Security professional who demonstrated how a simple, professionally-worded message (from a fictitious contact tracing company) could get recipients to click on a link that could install malware on their computer.  The malware could be leveraged to give  an attacker complete access to all information on the system.

Contact tracing gives scammers a chance to represent themselves as providing a legitimate and authoritative service in combating a pandemic, and to take advantage of the stress their victim may feel on being informed that they have been identified as at-risk for infection.

If you get a text message or email telling you that you will be called by a contact tracer, then just wait for the call.  If you get a message telling you to click a link, DO NOT CLICK THE LINK!

If you live in Maryland, please visit https://coronavirus.maryland.gov/pages/contact-tracing .  If you are called by a legitimate contact tracer, your caller ID will tag the call as MD COVID.  If you do not have caller ID, the calling number should be (240) 466-4488.  You can also call back on (240) 466-4488 if you receive voice mail.  A legitimate contact tracer will not ask you for your Social Security number, bank account number or credit card information, nor will they ask for money.

References:

Rossen Reports: Feds warn of new contact tracing scam

https://www.wxii12.com/article/rossen-reports-scammers-posing-as-contract-tracers/33251285

Notification of Exposure: A Contact Tracer's Guide for COVID-19

https://www.cdc.gov/coronavirus/2019-ncov/php/notification-of-exposure.html

Welcome to covidLINK - Maryland,giv

https://coronavirus.maryland.gov/pages/contact-tracing

Maryland COVID Contact Tracing

https://www.norc.org/Research/Projects/Pages/maryland-covid-contact-tracing-.aspx

With COVID-19 present in our day to day lives, malicious actors are taking this opportunity to scam people out of their personal and financial information. Recently the IRS Criminal Investigation Division (IRS-CI) has noticed various campaigns targeting Economic Impact Payments as well as other COVID-19 related scams.

The IRS-CI warns that some of these scams will offer more money from the government or even faster check delivery if the reader shares personal information and pays a small “processing fee.”  The IRS warns that there are no shortcuts for stimulus checks. Malicious actors have also been trying to convince people to “apply” for a second stimulus check. According to a Forbes article, as of right now, there is currently no second stimulus check in the works. 

Malicious actors are also setting up fake charities soliciting donations for individuals, groups and areas affected by COVID-19. Some malicious actors are even offering the chance to invest in companies working on a vaccine, promising that the “company” will dramatically increase in value as a result. Some are even selling fake products like at-home test kits, fake cures, vaccines, pills and giving advice on unproven treatments.

They also warn of phishing campaigns being sent out either through text or emails. These campaigns are using keywords like “Corona Virus,” “COVID-19,” and “Stimulus.” For these campaigns the IRS-CI says the malicious actors' targets are people's personal and financial information.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.irs.gov/newsroom/irs-warns-against-covid-19-fraud-other-financial-schemes

https://www.forbes.com/sites/kellyphillipserb/2020/06/08/irs-warns-on-covid-19-scams-involving-stimulus-checks-fake-cures--more/#67cdbd937a98

May 22, 2020

Next Week, Maryland will begin a state-wide effort to trace the spread of COVID-19.  The effort will involve health workers making phone calls to Maryland residents.  This is a very important step in identifying potential disease clusters and everyone’s help is needed.

At the same time, Maryland in general and UMBC in particular have been targets of a wide variety of scams taking advantage of people’s fears and uncertainties around this disease.  It is very possible that unscrupulous people will take advantage of Maryland’s effort as a cover for phone scams.  North Carolina, for instance, started a contact tracing effort last month and has gotten reports of scammers pretending to be health officials and gathering information from residents.

Phone Calls

When you get a call, your caller ID should read “MD COVID”.  You will be asked about your health and about your location and interactions within a period of time.  You will be asked for your birth date, contact information, and information about any COVID-19 test if you have had one.  You will get guidance about potential symptoms to watch for and about self-isolation.

You will NOT be asked for:

• ·        a Social Security number

• ·        financial or bank account information

• ·        personal details unrelated to COVID-19

• ·        photographs or videos

• ·        passwords

• ·        payment

If anyone asks you for this or other information having nothing to do with COVID-19, please do not give it to them. 

Text Messaging

So far, Maryland has not announced that text messaging will be part of the contact tracing effort.  If you receive a text message that asks you to click on a link for contact tracing, do not click it. At best, it will take you to a scam questionnaire requesting your personal information.  Worse, it could download malware to your phone and start harvesting personal information itself.

New Jersey has received reports of text messages pretending to be from contact tracers and telling people that they have already had contact with a potential COVID-19 carrier.  These messages also contain links which will lead to information theft and/or malware.  Contact tracers don’t work like this.

For More Information

Launch of Maryland’s contact tracing effort

• https://www.baltimoresun.com/coronavirus/bs-md-maryland-contact-tracing-operation-coronavirus-reopening-20200521-jn4wfqgjcjdqbkbu454fhqngim-story.html

• https://www.wbaltv.com/article/maryland-contact-tracing-ramps-up/32631045#

FTC Warning about COVID-19 contact tracing text message scams

• https://www.consumer.ftc.gov/blog/2020/05/covid-19-contact-tracing-text-message-scams
  

Scam Warning from North Carolina Attorney General

• https://ncdoj.gov/watch-out-for-covid-19-contact-tracing-scams/

Warning from New Jersey state officials about text message scams

• https://www.nj.com/coronavirus/2020/05/beware-of-coronavirus-contact-tracing-scams-nj-officials-warn-thousands-of-fraud-cases-reported.html