Whether you are a student, teacher, or any other faculty member, we all have different goals and aspirations in our everyday lives at UMBC. What we all have in common in this community is making sure our personal information stays secure. One issue you must be aware of is the phishing that many accounts have encountered.
Phishing is the use of deception to acquire sensitive information from a person. One strategy of this is where hackers create fake emails to connect to a number of users. This strategy is very common, and surprisingly many users fall into this trap simply for lack of knowledge. Phishing is very threatening because when it is successful, cybercriminals may gain access to your personal information and potentially stealing money. This could result in financial loss.
DoIT has recently been notified by several users that they have received what appear to be phishing attempts. These messages may demand the user to pay a ransom to prevent the release of potentially damaging information (a process known as sexploitation, from sexual exploitation), purchase illegitimate computer software to ensure system stability, or ask if the user is available to purchase gift cards. These messages are coming from fake email accounts pretending to be supervisors, admins, staff members, or other well-known people. If you receive an email that is from a high-profile or an authoritative person at UMBC, please be alert and make sure the email is from an authentic source.
If you receive an email that is not from a umbc.edu account, please be aware that this email can potentially be a phishing attempt. You can verify whether or not the message is authentic by checking the email address. Some of the phishing emails that have been reported came from “my.com” and “firstname.lastname@example.org” accounts. Another strategy is seeing what they are asking for. Phishing messages tend to demand for money in unusual circumstances. Also, it is valuable to analyze the “from,” “to,” “date,” and “subject” line of the email. If some or all of these components seem to be illogical, you can send a message to email@example.com and they will assist you to finalize the emails legitimacy.
DoIT is currently working on this issue and has notified the site owner whenever a phishing email has been reported. If you see an email that does not seem to be authentic, take a step back, slow down, stay focused, and think before you go any further with the suspicious email and respond accordingly.