Downtime

On Saturday, August 15, Panopto will be making a number of updates to their Cloud infrastructure to improve performance and scalability. These updates will require up to 3 hours of downtime, with a target start time of 9:00 PM EDT.

During the downtime, users will not be able to access videos on our Panopto site, and any attempts to upload from recording clients will result in a "Server unable to connect" message.

TLS 1.0/1.1 support end of life

TLS is the cryptographic protocol. Older versions of TLS, specifically 1.0 and 1.1 are no longer considered to be secure and Panopto will discontinue support of them on August 19th, 2020.

Please submit an RT ticket if you have any questions or concerns.

Below is another example of a phishing email campaign in which the malicious actor is claiming to be from Corestaff Services. The email below is the initial message sent out to victims to try and get to to respond with an alternate (non-UMBC) email address.

Once the victim responds with their alternate email address, the scammer will then email that address claiming that the victim got the job and asking for more information. An example of what type of information and how it is formatted in the email is shown below.

If the victim responds with their personal information, the scammer could start messaging the victim over text message and may send a fraudulent check to the victim’s postal address. If this happens to you, please do not try to deposit the check. A very similar scam is described here: https://itsecurity.umbc.edu/critical/?id=94549.

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu.  We will also keep track of any other information you submit about the scammers, such as their phone numbers if you receive a text message from the scammer.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

DoIT has been notified of a phishing scam where the malicious actor was trying to impersonate a UMBC staffer. Below is an example of the email with the name, the email address of the sender, and the signature of the email removed for privacy reasons.

This and other similar phishing attempts seem to target certain departments of UMBC by trying to impersonate one of the staffers in that department. In previous cases of similar scams, if the user responds, the malicious actor could ask the user to send them money in the form of iTunes cards, gift cards, prepaid debit cards, money order, or even bitcoin.

In the case above, note that the scammer sent their email from a gmail and not a UMBC email. The email also tries to trick users by having “.edu” before the @gmail. 

The scammer also tried to make the email look as legitimate as possible by putting an email signature that was meant to look similar to those the persons they were impersonating. The scammer also created a sense of urgency by having the email subject be in all caps and say “QUICK REQUEST.”

If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

The Cybersecurity and Infrastructure Security Agency (CISA) announced a new phishing email campaign spoofing the Small Business Administration (SBA). This email has the subject “SBA Application – Review and Proceed” and contains a link to a fake SBA website login page, allowing scammers to harvest credentials from unsuspecting victims. Here is an image of the malicious site, provided in CISA’s alert.

For more information, including a list of known sender addresses and URLs, please see the original alert athttps://us-cert.cisa.gov/ncas/alerts/aa20-225a.

If you receive any suspicious email, please do not respond or click any links. Instead, forward the message and full headers to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

Similar to other work from home phishing attempts targeting the UMBC community, this one follows the pattern. A malicious actor who claims to be from a company, in this case Cisco, offers the victim a job. This email also shows the subject line of “WORK FROM HOME” in all caps. An example of this phishing email can be seen below:

Past phishing emails attempts like this one ask the victim to reply with their personal (non-UMBC) email. Then the malicious actor would ask for more personal information such as the phone number, address, current job, and even the birthdate of the victim.

After the victim responds, they would receive another email. This email would be confirming that the victim got the job and that the scammer would be sending the first paycheck. In scams similar to this one the scammer has been known to text victims too.

If you do receive this or a similar scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.

Whether or not you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu.  We will also keep track of any other information you submit about the scammers, such as their phone numbers if you receive a text message from the malicious actor.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

In March 2020, Chatbook, a photo print service, suffered a data breach. Approximately 15 million user records were put up for sale on a dark web marketplace. This information includes email address, names, phone numbers, social media profiles and password. 

19 UMBC accounts were affected by this breach. The affected individuals have been notified via their UMBC emails and/or their alternate emails. If you have a Chatbooks account, please contact them to see if you have been affected by this breach.

This information was provided to Have I Been Pwned(HIBP) by dehashed.com.

For more information about the Chatbooks breach visit:

https://www.bleepingcomputer.com/news/security/chatbooks-discloses-data-breach-after-data-sold-on-dark-web/

To setup a recovery email for your UMBC account follow the instructions here:

https://my3.my.umbc.edu/groups/itsecurity/posts/94776

If you have any questions or concerns email us: security@umbc.edu_________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity

DoIT Security has received a new variation of a classic get-rich-quick scam, this time claiming to be from a Powerball winner who wishes to distribute millions of dollars, supposedly to lessen the impact of COVID-19. Over 5000 UMBC addresses received emails from this sender, most likely containing the same message.

From: "Bill and Helene" <kkt-co@beige.plala.or.jp>

Subject: We Have Private For Donation

Date: Tue, 11 Aug 2020 14:26:21 +0900

--

The Corona Virus (COVID-19) Outbreak isn't just a major health

crisis -- It's also a large economic disruption leading to people

Losing their Jobs and making it harder to take care of their

Families.

We know that a little financial support can go a Long Way.

I'm Bill Lawrence from Sacramento California the Winner of 150 million

United State Dollars Jackpot from the Power ball lottery held on

December 16, 2019. My Jackpot was a gift from God to me.

Hence my entire Family has agreed to do this.

We are donating $75 million to Help individuals and Small Scale

Businesses around the world.

I write to inform you that Google in alliance with Microsoft and Yahoo has submitted your

"Email" to my request to receive a donation amount of $5,000,000

Please accept this Token as a Gift From me and My Family.

We await your urgent response Via email heleneandbill97@gmail.com

Bill and Helene Lawrence

https://www.powerball.com/winner-story/150-million-powerball-ticket-claimed

Messages like these, which promise large amounts of money, are most likely advance-fee scams. Also known as Nigerian Prince scams, or 419 scams, advance-fee scams promise a large amount of money that can be claimed after paying a comparatively small fee. After a victim pays the fee, the scammer may claim to need another fee, or may vanish. Either way, victims will never receive any money in return.

In addition to the irregular grammar and capitalization, note the From address with a .jp domain, and the time zone, UTC+0900. Both of these indicate that the message originated in Japan, not California. Although the URL provided appears to be legitimate, it does not indicate that the message is really from the Powerball winner. It is always best not to click links in suspicious emails, as they may contain malware, steal personal information, or, as in this case, simply provide misleading information when used in the context of a scam email.

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

To read more articles published by DoIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice.

In  the article linked below, the Better Business Bureau is warning of government imposter scams. In these scams, a malicious actor will call or even message the victim claiming to be from a government agency. Their goals are usually to steal the victim’s personal and financial information, to steal the victim’s  money or or to persuade the victim to install malware. 

According to the article, most Americans have encountered this scam before. Research done by the Better Business Bureau found that the Social Security Administration, Service Canada, the Internal Revenue Service (IRS) and the Canada Revenue Agency are among the most impersonated.

Some examples of Social Security-related impersonation scams:

• Increase a benefit: In this scam the malicious actor will claim that the victim is eligible for increased benefits, typically due to a cost of living increase. The malicious actor will request bank account details so that the money can be deposited into the victim’s account. Once the malicious actor has the banking information they are able to steal money from the account.

• Restoring Social Security Number: Some malicious actors will claim the victim's Social Security Number has been suspended. The malicious actor will ask the victim to pay for it to be restored. They may also ask for the victim's Social Security account information, which allows them to apply for benefits under the victims name.

• Social Security Number used in a crime, in this scam the malicious actor will threaten arrest if the victim does not respond immediately.
  
  

When the IRS is used as a cover instead of the Social Security Agency the scams vary, though they have many similarities to the Social Security scams.  For instance,  the malicious actor may claim to be an IRS agent and threaten the victim with arrest for unpaid taxes or even fraud. 

The only way to avoid being arrested, the victim is told,  is by paying a fine (or the unpaid taxes) immediately.  Victims are told to buy gift cards and to provide the caller with the number on the back of each card. But of course these threats are fake, and these are just scammers trying to use fear to get the victims money or information. 

Just as with phishing scams, the malicious actors follow the headlines and change their scams with thet latest news. During the Covid-19 pandemic and after the passage of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, scammers started to claim to be from the CDC or the United States Treasury Department in order to manipulate and steal personal and financial information from victims.

Some examples of Covid-19 related impersonation scams are: 

• Relief benefits: Malicious actors claiming to be from the IRS and offering to expedite benefits under the CARES Act.

• Fake donations: Malicious actors claiming to be from the CDC requesting donations. Email and text messages making these claims may arrive with malware or URLs that could cause harm to the victim's device.

• Contact tracing scams: Email, texts, or messages on social media claiming to be from contact tracers informing the victim that they have come in contact with someone who has tested positive for Covid-19. These scammers seek personal information and/or send messages that may contain malware. For official information on contact tracing efforts in Maryland please visit https://coronavirus.maryland.gov/pages/contact-tracing.

Scammers have also threatened arrest for missing jury duty, impersonated immigration officials threatening to deport the victim, and offered free money in the form of government grants.

Some red flags to watch for to see if the person claiming to be from a government agency is actually a malicious actor:

• The IRS generally first contacts people by the postal mail. Never provide your bank account or other personal information to anyone who calls you.

• Don’t pay by gift cards. The IRS and other government agencies will not idemand or even accept payment using iTunes cards, gift cards, prepaid debit cards, money order, bitcoin or cash.

• The IRS will never request personal or financial information by email, text, or any social media platform. Do not click on any links in unsolicited emails or text messages.

• Social Security numbers are never “suspended”.

• Caller ID cannot be trusted to confirm that the source is from a government agency. Look up the phone number for the agency and call to see if they are really trying to contact you.

• The Social Security Administration will never threaten to arrest you because of an identity theft problem. 

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.bbb.org/article/news-releases/22775-government-impostors-study

To read more articles published by DOIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice. 

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19