Cybersecurity Alert: Increase in Phishing Scams

DoIT has detected several sophisticated email phishing scams attempting to steal user account credentials across campus. These scams have directed users to enter their username and password into online forms hosted by Google or monday.com to supposedly prevent account deactivation, or have solicited new (fake) job opportunities. 

How these Scams Work

• Malicious emails disguise themselves as official UMBC communications, potentially using compromised accounts to appear legitimate

• Goal: Trick users into revealing login information or provide personal/financial details

• Compromised accounts are being used to send massive spam campaigns

• Job scam victims may have financial losses

Protect Yourself

• NEVER enter login credentials into any suspicious emails or forms

• NEVER reply to unexpected emails requesting personal information

• NEVER send personal or financial information in an SMS or WhatsApp message to someone you don’t know

• ALWAYS verify the sender's email address carefully

• ALWAYS check for any unusual formatting, strange wording, or suspicious links

Read more about how you can identify phishing here.

If You Receive a Suspicious Email

• Do not click on any links

• Do not download any attachments

• Forward the email to: security@umbc.edu

• Delete the email immediately

Read more about what you can do if you receive a suspicious email here.

If You Believe Your Account Is Compromised

• Change your account password immediately

• Contact UMBC Technology Support Center or IT Security for additional assistance

Stay vigilant. Protect your account. Protect our community.