Recently, the Division of Information Technology (DoIT) received reports of a phishing email. The scammers sending these emails are using a forged From address of:
'Admin Server <security@umbc.edu>'.
Below is an example of such an email. For privacy reasons, we removed the recipient’s information.
Please confirm your email account with umbc.edu
@umbc.edu
Attention:
Due to the latest regulations concerning online safety and KYC
procedure ( Know your Customer ), we are sending this urgent notice to all
Email Administrator users, in order to filter real and active accounts.
In order to avoid your @umbc.edu address from being shut down,
please confirm you are still using your account now:
Confirm email account
By logging in, you are confirming that you are still using our services and that the person registered is the person using them.
Here is a screenshot of the same message:
Please note that the Division of Information Technology did not send this email. Visible red flags in this email:
- The wording. The message is being sent to ‘Email Administrator Users’. That does not really make sense. There is such a thing as an Email Administrator (UMBC has several of them) and such a thing as an Email User (UMBC has a lot of these), but no ‘Email Administrator Users’.
- The link. If you move your mouse over the button that says ‘Confirm email account’ without clicking, and look at the bottom left of your email window, you will see a link to ‘https://ipfs.fleek.co/ipfs/QmVTaVBV6f4fVDqvviHL8CBuqpX5ZJX37YVwdNWxC5FDBG/index0000.html#@umbc.edu’. Use this ‘mouse hover and peek’ trick before clicking on anything. This link goes to a website at ipfs.fleek.co. That .co at the end is not the same as a .com. Two-letter endings are generally codes for specific countries (https://en.wikipedia.org/wiki/Country_code_top-level_domain). The country code ‘.co’ is assigned to Colombia. If you can’t think of a good reason for UMBC’s DoIT to refer you to a server registered out of Colombia to ‘confirm’ your email account, BE SUSPICIOUS!
When you become suspicious, send an email to security@umbc.edu (don’t worry, when you send it, it will go to the real UMBC IT security group!) or call the Technology Support Center at 410-455-3838. DO NOT CLICK ON THE LINK!
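The hover-and-peek check described above can also be run over a message's HTML body. The following Python is an added example, not code from DoIT; the `umbc.edu` allow-list, the function names and the sample body with its placeholder content ID are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "umbc.edu"  # assumption: the only domain DoIT links should use

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_is_trusted(host, trusted=TRUSTED_DOMAIN):
    # Exact match or a true subdomain; "umbc.edu.example.co" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def suspicious_links(html_body, trusted=TRUSTED_DOMAIN):
    """Return (text, host, reasons) for each web link that leaves the trusted domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https") or host_is_trusted(parts.hostname, trusted):
            continue
        reasons = ["host is outside " + trusted]
        # The trusted name in the path or fragment only decorates the URL.
        if trusted in (parts.path + "#" + parts.fragment).lower():
            reasons.append("trusted domain appears in path/fragment, not in host")
        findings.append((text, parts.hostname, reasons))
    return findings

# Constructed sample body modelled on the button in the advisory (placeholder ID).
SAMPLE = ('<a href="https://ipfs.fleek.co/ipfs/EXAMPLE_CID/index0000.html'
          '#user@umbc.edu">Confirm email account</a> '
          '<a href="https://wiki.umbc.edu/pages/viewpage.action">instructions</a>')
```

Calling `suspicious_links(SAMPLE)` reports only the ‘Confirm email account’ button, because its host is ipfs.fleek.co even though umbc.edu appears after the `#`.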
For more information about phishing, visit: https://itsecurity.umbc.edu/critical/?id=98136.
If you have received any message similar to the one listed above, please forward it with its headers to security@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.