← Back to News List

Thank you for being part of UMBC (Phishing Edition)

We are glad you are here, but we don't want your password

DoIT is aware of an ongoing phishing campaign targeting faculty and staff. The message arrives in users' inboxes appearing to be a document shared from Google. Within the document there is a link that masquerades as personalized compensation statement, but is actually a form attempting to collect your myUMBC credentials and DUO codes. 

This email is phishing. Please do not enter your myUMBC password or DUO codes on web forms. 

We are working to quarantine the messages and scramble passwords for any account that may have been compromised as a result of the phish. We are asking for your continued diligence as the holiday may affect our ability to get the form taken down. Please do not provide your password or DUO codes on web forms, and forward suspicious messages to security@umbc.edu.

If you did provide your password or DUO code, please change your password and reach out to us at security@umbc.edu as soon as possible. Instructions on how to change your password can be found here: https://umbc.atlassian.net/wiki/spaces/faq/pages/30736465/How+do+I+change+my+myUMBC+password

Thanks again and hope everyone has a Happy 4th of July!!
Screenshot of the phishing form thanking the recipient for being a part of UMBC. The screenshot has a link that says View Your Statement.
Tags:

Posted: July 4, 2025, 2:43 PM

Read Original Post in myUMBC