Dear UMBC Community,
Congratulations to our graduates and we are so excited that summer is finally here! This is a reminder to the entire UMBC community that phishing emails don’t take a vacation. Stay aware of those phishing campaigns and look out for the following signs:
🚩Urgent Language: You are relaxing on a cruise and get an email with the subject: “You will lose access to your account NOW if you don’t click this link!” Enjoy the sunshine and don’t fall for the attacker’s message.
🚩Questionable Context and Legitimacy of the Sender: The email seems to be coming from an authority figure, but either you don’t usually communicate with them, or they usually don’t have requests of that nature.
🚩Asking for Passwords in Google Forms: If you clicked on a link and it immediately asked for your password, check the full URL first. If the URL in the address bar does not match the webauth URL, or if you landed on a Google Form, then do not enter your password!
🚩Requests to copy commands into the Run or Terminal prompts: If you get presented with a CAPTCHA challenge and are asked to copy a command to proceed, please don’t take the bait. Copying commands into a command prompt can infect your machine with malware or an information stealer. (Example below)
How to stay safe:
-
Don’t click on links that look phishy.
-
Don’t open any attachments you were not expecting.
-
Don’t accept push notifications when you did not initiate them.
-
Don’t paste any commands into the terminal.
-
Forward any suspicious emails to Security at security@umbc.edu and check out our Traveling with UMBC Equipment FAQ!
-
Enjoy your summer!
For more information, please refer to our Cybersecurity Newsletter. Thank you all for your continued awareness and assistance in keeping our community secure!
Cybersecurity Assurance and Digital Trust
UMBC Division of Information Technology (DoIT)