← Back to News List

Likely Phishing Website Found

It Looks Designed To Attack UMBC

The UMBC Division of Information Technology (DoIT) has been notified of a website that appears to have been set up for future phishing attacks on UMBC account holders.  If you see a link or any reference to this site, DO NOT CLICK ON IT!

The site is: umbc. edu. sunward-travel. com  (Spaces are inserted here in the site’s address to ensure that it will not show up as a link in your browser.)


The site’s SSL certificate, the thing responsible for the lock icon in your browser’s navigation bar, is valid through this summer until Sep 13, 2022. The time span suggests that it could be used for phishing attacks towards the end of the summer when people often take vacations, or during the start of classes when people are getting lots of email as the academic schedules get sorted out.  


The site name contains the text ‘umbc.edu’, though not as part of the UMBC domain.  If someone receives an email referencing this site, a quick glance can pick up on the ‘umbc’ and make the site seem legitimate.  It is not a UMBC site!


If you receive a message with a link to this site, please forward it to security@umbc.edu

DO NOT CLICK ON IT!



References:


Understanding Padlocks on Browsers

https://medium.com/xebia-engineering/understanding-padlocks-on-browsers-ba411e5b826

HTTPS and the Lock Icon

https://crypto.stanford.edu/cs142/lectures/24-https.pdf

Tags:

Posted: July 29, 2022, 4:58 PM