UMBC has recently been the target of an increasing number of phishing messages. These phishing messages appear to come from the UMBC Division of Information Technology or another university official, but they are actually coming from hackers. Over the last few weeks, we have received many reports of phishing messages asking for people to verify their UMBC account by providing their UMBC username and password. Messages have also been received asking for instructions related to wiring money to a bank account.
In almost all phishing messages, there are some typical clues that should cause us all to be suspicious:
- The messages look official but are not sent from a "umbc.edu" email address.
- Some of the messages list a copyright at the bottom.
- Some of the messages include the phrase "All Rights Reserved".
- The messages include a link to a web page that is not on a "umbc.edu" server.
- The message comes from a department that we do not have at UMBC or a person who does not work at UMBC. One of the recent messages claimed to be from the "Security Alert Office". UMBC does not have a department by that name.
All of these are signs of a message that is likely a phishing message.
One last big clue that a message is a phishing message is in the content of the message. DoIT will NEVER ask for a person's username and password as a part of a legitimate support request. We do not need a person's username and password in order to provide assistance or verify an account.
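For anyone triaging reported messages, the clues above can be checked mechanically. The following is an added example, not DoIT's own tooling; the clue labels, the regular expressions and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "umbc.edu"  # the domain named in the notice

def in_domain(host, domain=TRUSTED):
    """True for umbc.edu and its subdomains, not look-alikes such as umbc.edu.example."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_clues(raw):
    """Return which clues from the notice a raw RFC 5322 message matches."""
    msg = message_from_string(raw)
    # Plain-text parts only; encoded (base64/quoted-printable) parts are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if isinstance(p.get_payload(), str))
    clues = []
    sender = parseaddr(msg.get("From", ""))[1]  # ignores the display name
    if not in_domain(sender.rpartition("@")[2]):
        clues.append("sender-not-umbc")
    hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", body)]
    if any(not in_domain(h) for h in hosts):
        clues.append("link-off-umbc")
    if re.search(r"all rights reserved", body, re.I):
        clues.append("all-rights-reserved")
    if re.search(r"copyright|\(c\)|©", body, re.I):
        clues.append("copyright-notice")
    asks = re.search(r"\b(user\s?name|password)\b", body, re.I)
    if asks and re.search(r"\b(verify|confirm|validate)\b", body, re.I):
        clues.append("asks-for-credentials")
    return clues

# Constructed sample: official-looking display name, look-alike sender and link host.
SAMPLE = """\
From: "UMBC Security Alert Office" <alerts@umbc.edu.mail-check.example>
To: student@umbc.edu
Subject: Verify your account

Verify your UMBC account by entering your username and password at
http://umbc.edu.mail-check.example/verify
Copyright UMBC Division of Information Technology. All Rights Reserved.
"""

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```

The From header can be forged, so a message that passes the sender check is not proven legitimate; the checks only surface the clues listed above.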
If you do receive a message that you believe is a phishing message, there are a few things that you can do:
- Forward a copy of the message to security@umbc.edu. This will send the message directly to the DoIT IT Security Department. We will review the message and determine if any action is needed.
- Call the group that the message appears to come from on the phone and ask if the message is legitimate. In the case of messages that appear to come from DoIT, please contact the DoIT Technology Support Center at x53838.
If anyone has additional questions about phishing messages or any other computer security topic, please feel free to contact the UMBC IT Security Department at security@umbc.edu.
Mark Cather
Chief Information Security Officer
Division of Information Technology / UMBC