DoIT was notified today of a scammer sending out emails claiming to be offering a job opportunity. The message came from a compromised Umbc email account, so the From name was removed for privacy in the example below.
From: COMPROMISED ACCOUNT <@umbc.edu> Date: Wed, Aug 26, 2020 Subject: WorkStudy Offer! To: Good morning! I hope you are well. I would like to share with you this job opportunity,you could earn between $100- $240 weekly. This opportunity is only part time and is not expected to clash with your current school/study schedule.Kindly send in an instant reply if you are in search of a job so you can receive further information |
If the victim responds showing interest they will receive a message from a different email address <careerjobsdepartment@outlook.com> and this email will contain a malicious URL. The scammer is seeking personal information such as name, phone number, email address, home address, age and current occupation. It also invites the victim to ‘tell a bit about themselves’ in a free-form text box.
This first email shows a few red flags. For instance, some parts of the message have no spacing, an example of this is “schedule.Kindly”. The email also expresses a sense of urgency with the email asking for the victim to send an “an instant reply.”
<careerjobsdepartment@outlook.com> responded: Thank you for your interest in the available job position, kindly click on the URL below to view the application portal https://tinyurl .com/JOB-UPDATE |
If you do receive this or a similar email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19