Initial Scam Message
From: COMPROMISED ACCOUNT <@umbc.edu> Date: Fri, Aug 28, 2020 at 7:47 AM Subject: WorkStudy Update! To: Good morning! My name is <COMPROMISED ACCOUNT>and i currently work with the UMBC educational planning center and i would like to inform you that there is a job opening opportunity available to you, This opportunity is only part time and is not expected to clash with your current school/study schedule.Kindly send in an instant reply if you are in search of a job so you can receive further information.. |
Follow-up Scam Message
From: career management jobs <careerjobsdepartment@outlook.com> Date: Fri, Aug 28, 2020 at 8:48 AM Subject: Re: WorkStudy Update! To: <@umbc.edu> Hello <NAME> Thank you for your interest in the available job position, kindly click on the URL below to view the application portal https://tinyurl .com/JOB-UPDATE |
The first email is similar to a recent trend in phishing campaigns that we have recently seen, except this one uses the compromised account holder’s name in the email message and has changed the subject to “WorkStudy Update!” These campaigns, even if sent from different users with different subjects do seem to have a pattern of using “WorkStudy” in the subject as well as having a similar email format for both messages.
If the user does respond to the first message showing interest, they will receive the second message from a different email address. This is because in the email headers of the first email from the UMBC account, the reply-to is set to the <careerjobsdepartment@outlook.com> so instead of the user emailing the <@umbc.edu> email they are emailing the scammer directly.
The second email contains a link to a malicious site. If you do receive this email please do not click on the URL. In previous similar scams, the scammer is seeking personal information such as name, phone number, email address, home address, age and current occupation. It also invites the user to ‘tell a bit about themselves’ in a free-form text box.
If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit: