DoIT Alerts

Dear UMBC Community,

It has come to our attention that a new wave of a popular scam has emerged. Scammers are impersonating faculty or someone with a high degree of trust among the community. In some cases, this may appear to come from a UMBC account.

The scam usually begins with a story of someone with a few high-value items going through a rough patch of life. The story claims that the person lost a loved one who owned high-value items or is relocating and has to empty their apartment of valuable items ASAP. They go on to "generously" offer those high-priced items for FREE!

These items can be an expensive digital camera, a pricey violin, a collector's guitar, or a cherished baby grand piano. But it wouldn't be a scam if there wasn't a catch. The scammers only ask you to cover the shipping costs for delivering the items to your location. They generally ask that you contact them outside of the UMBC.edu domain, either via email or phone. Once an external contact is established, scammers build rapport and ask for personal information, such as mailing addresses, to process a "shipping fee."

Once a payment is made to scammers, users are generally ghosted and calls/texts go unanswered. If you believe you have been a victim to such a scam, please contact law enforcement for assistance.

Be vigilant and look for the following signs:

• A story that is too good to be true ("granny was a musical prodigy and we are giving away her collection for free!")
• Urgency in communication ("items are only available to the first person who reaches out!")
• Moving to outside platforms ("text me on my cell number!")
• Unusual request for personally identifiable information ("What's your mailing address?")
• Financial requests that are not secure or traceable ("send me the money via a digital wallet!")

For more information about this, please refer to these resources: 

1. How can I identify phishing?
2. How Can I Avoid Identity Theft?

 

If you suspect a phishing or scam attempt, do not reply, click any links, open any attachments, or provide your information. Instead, forward the email immediately to the security team at security@umbc.edu. Your report helps protect everyone!

 

Thank you all for your continued awareness and assistance in keeping our community secure.

Cybersecurity Assurance and Digital Trust
UMBC Division of Information Technology (DoIT)

The Division of Information Technology (DoIT) is thrilled to announce that Bill Mehrz has been awarded the November DoIT Gritty Award! This recognition celebrates Bill's outstanding contributions to DoIT and the entire UMBC community, embodying the spirit of going above and beyond in his work.

Cybersecurity Awareness: Timely, Relevant, and Fun

Bill earned this well-deserved award through his truly exceptional planning and execution of this year's Cybersecurity Awareness activities. He designed an awareness campaign that was not only timely and relevant but also genuinely fun and engaging.

• He incorporated current, relevant threats into weekly awareness posts (available on the my3.my.umbc.edu/groups/itsecurity/posts group and the doit.umbc.edu/ homepage). Topics covered included Phishing scams, Duo Fraudulent Notifications, ClickFix scams, and banking scams.
• Bill made cyber awareness fun by organizing tabling events near the Commons to directly engage the student population. The in-person efforts included a catching fish game, Swedish fish treats, and cyber plastic cups.
• He also coordinated a Cybersecurity Trivia game for the monthly divisional all-staff meeting, co-hosted with Anna Plass, to test and reinforce the team's knowledge.

His efforts have dramatically increased cybersecurity awareness on campus, engaging his peers to become champions of awareness. A measurable result of this campaign is the dramatic increase in the reporting of phishing emails! DoIT staff will also remember his effective call to action to not enter passwords into Google Forms.

Professionalism Under Pressure

What makes Bill's achievement even more remarkable is that he accomplished all of this while simultaneously transitioning our semi-annual IT Cybersecurity control validations to OnSpring, a substantial effort in itself.

Furthermore, the extensive planning for the October campaign had to be meticulously detailed as Bill was anticipating the birth of his second child right before October began! His professionalism, detailed approach, and understanding of the importance of cybersecurity ensured seamless teamwork in selecting topics, gathering feedback, and coordinating the in-person activities despite the personal demands.

We are proud to present Bill Mehrz with the DoIT Gritty Award. Congratulations, Bill!

About the DoIT Gritty Award

The Gritty Award is in recognition of outstanding work within the Division and beyond. Full-time DoIT employees, DoIT student employees, and teams are eligible to be nominated for going above and beyond! Anyone in DoIT can nominate someone for the Gritty by completing this short Gritty Nomination Form. 

 

The DoIT Community & The DoIT Gritty Committee

 

Erica D'Eramo

Ada Crutchfield

Andrew Shebest

Anthony Finneran

Carlos McKinney

Daniel Loftus

Dave Souder

David Toothe

Debbie Michaels

Dondre Hatef

Josh Abrams

Khalil Alston

Matt Baker

Nick Beech

Peter Ariev

• Attached Image for November DoIT Gritty Award Winner: Bill Mehrz Elevates Cybersecurity Awareness at UMBC

Hello UMBC Community!

The Cybersecurity Assurance and Digital Trust Department in the Division of Information Technology has some tips for you to stay safe from financial scams that have recently taken place.

Attackers send phishing emails to trick unsuspecting victims into providing their user ID, password, and multifactor codes. Often, these phishing lures contain a link that redirects the user to a login page.

DoIT has observed cases where the attackers are mirroring legitimate login screens to capture credentials and multifactor authentication (MFA) codes in real time. The only indicator that something is amiss is the URL in the address bar.

Follow these general tips to safeguard your financial data and funds:

1. Use Strong & Unique Passwords: Never reuse your UMBC password on other platforms — including financial services such as BankMobile. Create unique passwords for each separate account.
2. Periodically Verify Your Personal Information: Log into your accounts and make sure all your information, such as linked financial accounts, billing address, phone number, and email addresses are correct.
3. Check the Link: Look over URLs and ensure you are accessing a trusted service. If you see a login page but the URL does not look legitimate, do not provide your password or MFA codes. It is best practice to bookmark trusted services to navigate to them directly.
4. Don't Give Away Your Secrets: UMBC and your financial institutions will never call, email, or text you to ask for your password or MFA codes.

If you give someone your password and MFA codes, you are handing them the keys to your account. This could result in financial loss or unauthorized activity for which you may be held responsible.

If you see something, say something! Report all phishing emails to security@umbc.edu.

 

Stay smart, stay safe!

Hello UMBC Community!

The Cybersecurity Assurance and Digital Trust Department in the Division of Information Technology has some tips for you to stay safe from financial scams that have recently taken place.

Attackers send phishing emails to trick unsuspecting victims into providing their user ID, password, and multifactor codes. Often, these phishing lures contain a link that redirects the user to a login page.

DoIT has observed cases where the attackers are mirroring legitimate login screens to capture credentials and multifactor authentication (MFA) codes in real time. The only indicator that something is amiss is the URL in the address bar.

Follow these general tips to safeguard your financial data and funds:

1. Use Strong & Unique Passwords: Never reuse your UMBC password on other platforms — including financial services such as BankMobile. Create unique passwords for each separate account.
2. Periodically Verify Your Personal Information: Log into your accounts and make sure all your information, such as linked financial accounts, billing address, phone number, and email addresses are correct.
3. Check the Link: Look over URLs and ensure you are accessing a trusted service. If you see a login page but the URL does not look legitimate, do not provide your password or MFA codes. It is best practice to bookmark trusted services to navigate to them directly.
4. Don't Give Away Your Secrets: UMBC and your financial institutions will never call, email, or text you to ask for your password or MFA codes.

If you give someone your password and MFA codes, you are handing them the keys to your account. This could result in financial loss or unauthorized activity for which you may be held responsible.

If you see something, say something! Report all phishing emails to security@umbc.edu.

 

Stay smart, stay safe!

 

Hello UMBC Community,

In the digital world, Phishing is one of the most used forms of cyber trickery where attackers impersonate trusted sources to deceive you into handing over credentials or personal information. These attacks come in various forms. Learning about them will help you not fall victim to those emails.

Phishing attacks are emails that may look like important messages but are actually crafted by cyber criminals. The good news? With the right knowledge, you can foil their tricks and keep yourself and UMBC safe. These are some tips on how you can recognize phishing emails:

1. Requests for Your Password: UMBC will never ask for your password. Never submit your password on Google forms or Monday.com forms. Your password is for your eyes only!

2. Unexpected Calendar Invitations: Watch out for calendar invites from unknown senders. Delete them and never click suspicious links inside.

3. Fraudulent Offers: Be wary of unsolicited offers for gift cards or jobs that are too promising. Do not send your personal or financial information to anyone who requests it over email or text. Real job postings are on Handshake only!

4. Unexpected Attachments or Links: Did someone send you a weird file or link you weren't expecting? Is a link in an email suspiciously short or strange-looking? If it feels off, don't click or download it.

5. A Sense of Urgency: Phishing emails often try to rush you into action, like claiming your account will be "deactivated" if you don't click a link immediately. Always be suspicious of urgent, high-pressure requests.

6. Poor Grammar and Spelling: While not always a giveaway, many phishing emails contain noticeable spelling errors or awkward phrasing.

What to do if you get a suspicious email:

If you suspect an email is a phishing attempt, do not reply, click any links, or open any attachments. Instead, forward the email immediately to the security team at security@umbc.edu. Your report helps protect everyone!

Stay vigilant, and together we can keep our digital environment safe.

• Attached Newsletter for Don't Take the Bait! How to Spot a Phishing Scam
• Attached Image for Don't Take the Bait! How to Spot a Phishing Scam