Recently DoIT has been notified of a phishing email scam where the malicious actor is impersonating a UMBC staff member. The name has been removed from the From for privacy reasons, but an example of the email can be seen below:
From: Forged Name <hjacj00909@gmail.com> Date: Mon, Aug 3, 2020 at 1:20 PM Subject: Urgent To: <@umbc.edu> I have a task I need you to get done for me Asap, I want to send out a couple gifts cards to some selected staffs, even though we all put in all our best to move this organization forward, some individuals really stand out and I want to surprise them with a little gifts.this is really urgent and important, Please let me know if you can head out to purchase the gift cards so I can advise certain product and denominations. Thanks |
The phishing email above not only is impersonating a UMBC staff member, but the email has many grammatical mistakes, and there is a feeling of urgency with the subject line “Urgent” and words like “ASAP” being used. These are just some of the examples of the red flags for identifying this and other phishing email scams.
The main goal of this phishing email scam is to get the users to purchase the gift cards and give the gift codes to the malicious actors. Other scams similar to this one might ask for products like iTunes cards, gift cards, prepaid debit cards, or even bitcoin.
If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
For more information on a similar scam to the one above:
https://itsecurity.umbc.edu/critical/?id=94550