Phishing Alert: You have (#) new pending incoming emails
A New Twist On Phishing
The Division of Information Technology (DoIT) recently received reports of a new form of phishing campaign. This campaign informs recipients that they have “# new pending incoming emails” where # represents some actual number. Below are examples of the different kinds of emails that we received. We removed the recipients’ information for privacy purposes.
From: Email Administrator <noreply-mailbox@umbc.edu> Date: Sat, Sep 11, 2021 at 7:52 AM Subject: You have (4) new pending incoming emails To: <CampusID@umbc.edu>
|
This example originated from <noreply-mailbox@umbc.edu>, which looks like a UMBC account; however, this account was spoofed. An outside person created this @umbc.edu email for phishing purposes.
Below is another similar email that is spoofed. It originated from <cpanel@umbc.edu>, which is also not a UMBC account.
From: Mail Delivery System <cpanel@umbc.edu> Date: Fri, Sep 10, 2021 at 9:09 AM Subject: Mail delivery failed: <CampusID>@umbc.edu have 6 Pending incoming messages. To: <CampusID@umbc.edu> You have Incoming Pending Messages The following messages have been blocked by your mail-server due to validation error. You have six pending messages .
Note: The messages will be delivered within 1-2 hours after you receive a confirmation mail notice. This message was sent by the MailDaemon server umbc.edu notification. Thank you!
Copyright© 2021 Webmail, Inc. |
The links in both of these emails will take you to separate domains https://sign-in-verification-929bb.web.app and https://firebasestorage.googleapis.com respectively. The links in these emails will ask you to sign in. By signing in, they will be able to steal your passwords.
Below is a copy of the https://sign-in-verification-929bb.web.appwebsite. The Firebase page has been removed.
If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE YOUR PASSWORD.
If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu.
______________________________________________________________________________________________________________________________________
Receive any suspicious emails?
Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.
Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.
Posted: October 11, 2021, 10:21 AM