The Division of Information Technology( DoIT) recently received reports about an “account upgrade” phishing email. Below is an example of such an email. We removed the recipient’s information for privacy reasons.
|
From: support <noreply@umbc.edu> Date: Sat, Aug 28, 2021 at 5:49 PM Subject: EMAIL ACCOUNT UPGRADE To: <UMBC ID@umbc.edu> |
This email was spoofed to impersonate <noreply@umbc.edu>; however, after investigating the headers, we realised it originated from <raaympex@yandex.com>. By clicking the upgrade button, it will redirect you to a website that looks similar to umbc.edu. Afterwards, you will receive a pop-up saying, “your session expired.” See below.
The background is umbc.edu, but the pop-up is from a completely different website, <https://firebasestorage.googleapis.com>. The link in the email is similar to the one listed below. The only difference is that your campus ID will change depending on the recipients.
If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediately change your password.
If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
______________________________________________________________________________________________________________________________________
Receive any suspicious emails?
Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.