"Department Admin" Phishing Scam

This past week, UMBC users have reported an increase in the occurrence of a particular phishing attack from a specific domain. This phishing email content is as follows:


“From: UMBC noreply@umbc.edu ctirrell@tds.net <ctirrell@tds.net>
Date: Thu, Jun 13, 2019 at 6:35 PM
Subject: UMBC
To: 


Greetings.

A private message has been sent to you by the Admin department. Click hxxps://www.umbc.edu/ and view your message.

Sign.
HEAD of the department”

(This link has been edited so that in longer points to the suspicious web page)

 

There are many characteristics that lend to this email being considered a phishing email; for example, the vague nature of the email content, coupled with the suspicious source domain and ambiguous signature are red flags when receiving unsolicited emails. In addition to this, hackers often gather information about organizations in order to make their phishing scams more personal and believable. This phishing email in particular was targeted at UMBC faculty and staff where the content of the email presented as being from a trusted entity (head of the department); something phishers often do to scam victims into offering sensitive information, or clicking on malicious links.


If you receive this email, please be aware of its malicious nature and do not click on the link as it points to an unverified web page. The DoIT security group is fully aware of this phishing email and is currently working on fixing the issue. 


If you receive this email or one with related content, please forward it to security@umbc.eduand delete the email immediately.  If you feel your information has been violated in any way, you are encouraged to call UMBC Police at (410) 455-5555.  


For more information regarding phishing and spam FAQs, please see the

PHISHING/SPAM FAQS section of itsecurity.umbc.edu.

Tags:

Posted: June 14, 2019, 11:45 AM