The DoIT Security Group has received reports of a phishing scam targeting the UMBC community. Please be aware that hackers are sending these email messages to students, faculty, and staff.
The phishing email contents are similar to the following:
--------------------------------------------------------------- Subject: On Campus and Available? To: Are you available?I need you to handle something for me Now, i'm currently in a meeting with the International Advisory Committee (IAC) with limited phone call ( phone got broken) and also experiencing some difficulties at the moment, just reply to my e-mail as soon as you get this. Are you available? Best Regards (Academic Department Chair) University of Maryland Baltimore County 1000 Hilltop Circle Baltimore, MD 21250 Sent from my iPad, please excuse any typos or strange auto-corrections” ---------------------------------------------------------------
There are many characteristics that raise suspicions that this is a phishing email; for example, the vague nature of the email content and poor grammar are red flags. Also, the unrelated nature of the email should be an initial giveaway.
However, the biggest concern is the hacker posing as a trusted entity. In this email, they use a specific form of phishing known as spear phishing to target specific members of the UMBC community. Attackers often gather information about organizations in order to make their phishing scams more personal and believable. Here, the hacker impersonates a number of UMBC personnel in order to target staff within the corresponding departments from the impersonated individuals.
The best defense against spear phishing is vigilance. If you receive this email, please be aware of its malicious nature and do NOT reply to it. Replying to this email could further engage the hacker in hopes that you’ll reveal sensitive information that could compromise your online and physical safety.
If you receive this email or one with related content, please forward it to security@umbc.edu with full headers (directions can be found here: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970) and delete the email immediately. If you feel your information or safety has been violated in any way, you are also encouraged to call UMBC Police at (410) 455-5555.
For more information regarding phishing and spam FAQs, please see the PHISHING/SPAM FAQS section of itsecurity.umbc.edu.