DoIT Alerts

Dear UMBC Community,

It has come to our attention that a new wave of a popular scam has emerged. Scammers are impersonating faculty or someone with a high degree of trust among the community. In some cases, this may appear to come from a UMBC account.

The scam usually begins with a story of someone with a few high-value items going through a rough patch of life. The story claims that the person lost a loved one who owned high-value items or is relocating and has to empty their apartment of valuable items ASAP. They go on to "generously" offer those high-priced items for FREE!

These items can be an expensive digital camera, a pricey violin, a collector's guitar, or a cherished baby grand piano. But it wouldn't be a scam if there wasn't a catch. The scammers only ask you to cover the shipping costs for delivering the items to your location. They generally ask that you contact them outside of the UMBC.edu domain, either via email or phone. Once an external contact is established, scammers build rapport and ask for personal information, such as mailing addresses, to process a "shipping fee."

Once a payment is made to scammers, users are generally ghosted and calls/texts go unanswered. If you believe you have been a victim to such a scam, please contact law enforcement for assistance.

Be vigilant and look for the following signs:

• A story that is too good to be true ("granny was a musical prodigy and we are giving away her collection for free!")
• Urgency in communication ("items are only available to the first person who reaches out!")
• Moving to outside platforms ("text me on my cell number!")
• Unusual request for personally identifiable information ("What's your mailing address?")
• Financial requests that are not secure or traceable ("send me the money via a digital wallet!")

For more information about this, please refer to these resources: 

1. How can I identify phishing?
2. How Can I Avoid Identity Theft?

 

If you suspect a phishing or scam attempt, do not reply, click any links, open any attachments, or provide your information. Instead, forward the email immediately to the security team at security@umbc.edu. Your report helps protect everyone!

 

Thank you all for your continued awareness and assistance in keeping our community secure.

Cybersecurity Assurance and Digital Trust
UMBC Division of Information Technology (DoIT)

Dear UMBC Community,

Imagine a stranger secretly using your home internet or your laptop to hide their tracks. Recently, security experts have found that certain apps are doing exactly that! They are secretly turning personal devices into "digital masks" for cybercriminals. 

When you download a seemingly harmless app, it may contain hidden code that shares your internet connection with a global network of hackers. This makes their activity look like it is coming from your device and our campus.

How to spot strange activity on your device:

Your device might be working for someone else if you notice: 

• Performance Issues: Your phone or laptop suddenly runs slowly, gets hot for no reason, or has a battery that dies much faster than usual.
• High Data Usage: You see a massive spike in your internet data usage that you can't explain. 

Tips to keep your tech private: 

• Look Before You Click: Even in official app stores, check the reviews. If a simple app (like a flashlight or a calculator) asks for permission to access your files, contacts, or location, it's a red flag. 
• Beware of the "Too Good to Be True": Be skeptical of "cracked" software or free versions of paid apps. They often come with a hidden "tax" on your security. 
• Cheap Smart Tech: Very inexpensive "Smart Home" or Internet of Things (IoT) devices often have weak security, making them easy targets for hackers. 

What to do if you suspect trouble: 

If your device is acting strangely or you receive a suspicious email, do not click any links. Please forward any suspicious emails to the security team at security@umbc.edu.  

If you suspect a phishing or cybersecurity attempt, do not reply, click any links, or open any attachments. Instead, forward the email immediately to the security team at security@umbc.edu. Your report helps protect everyone!

Thank you all for your continued awareness and assistance in keeping our community secure.

Cybersecurity Assurance and Digital Trust
UMBC Division of Information Technology (DoIT)

 

Dear UMBC Community,

Imagine a stranger secretly using your home internet or your laptop to hide their tracks. Recently, security experts have found that certain apps are doing exactly that! They are secretly turning personal devices into "digital masks" for cybercriminals. 

When you download a seemingly harmless app, it may contain hidden code that shares your internet connection with a global network of hackers. This makes their activity look like it is coming from your device and our campus.

How to spot strange activity on your device:

Your device might be working for someone else if you notice: 

• Performance Issues: Your phone or laptop suddenly runs slowly, gets hot for no reason, or has a battery that dies much faster than usual.
• High Data Usage: You see a massive spike in your internet data usage that you can't explain. 

Tips to keep your tech private: 

• Look Before You Click: Even in official app stores, check the reviews. If a simple app (like a flashlight or a calculator) asks for permission to access your files, contacts, or location, it's a red flag. 
• Beware of the "Too Good to Be True": Be skeptical of "cracked" software or free versions of paid apps. They often come with a hidden "tax" on your security. 
• Cheap Smart Tech: Very inexpensive "Smart Home" or Internet of Things (IoT) devices often have weak security, making them easy targets for hackers. 

What to do if you suspect trouble: 

If your device is acting strangely or you receive a suspicious email, do not click any links. Please forward any suspicious emails to the security team at security@umbc.edu.  

If you suspect a phishing or cybersecurity attempt, do not reply, click any links, or open any attachments. Instead, forward the email immediately to the security team at security@umbc.edu. Your report helps protect everyone!

Thank you all for your continued awareness and assistance in keeping our community secure.

Cybersecurity Assurance and Digital Trust
UMBC Division of Information Technology (DoIT)

While many of us have been busy digging out from the snow and trying to stay warm, this week, January 26–30, is Data Privacy Week. This international effort empowers individuals and organizations to respect privacy, safeguard data, and enable trust. For me, the timing prompted an important moment of reflection on the work I have been fortunate to be part of over the past two years, and on where UMBC is headed as we continue to build a mature, thoughtful, and values-driven approach to privacy.

From Research to Implementation

My name is Dr. Laura Mateczun, and my privacy work at UMBC began as a Ph.D. graduate assistant working with Vice President for Information Technology and Chief Information Officer, Jack Suess, on the implementation of Maryland's Higher Education Data Privacy Law during FY24, while I was completing my doctoral research. In April 2025, I successfully defended my dissertation and was conferred my Ph.D., and shortly thereafter, joined UMBC full-time in a hybrid role.

Today, I serve in two key roles: 

• Assistant Director of Digital Trust: Within the Division of IT's Cybersecurity Assurance & Digital Trust team, led by CISO Stacy Cahill, I focus primarily on privacy strategy.
• Assistant Director of the UMBC Cybersecurity Institute: I develop partnerships to expand cybersecurity initiatives and research. In this role, I also direct the UMBC Cybersecurity Clinic, an experiential learning program where students help public-sector organizations—such as water systems and electrical grids—strengthen their cyber defenses.

Milestones in Transparency

One of our most significant privacy milestones has been the launch of privacy.umbc.edu. We intentionally designed this site to be more than just a compliance requirement. It is a living resource for our community. It explains how data is used, protected, and governed at UMBC in clear, accessible language. While we drew inspiration from peer institutions, including the University of Michigan, the content is uniquely tailored to reflect UMBC's culture, values, and operational realities.

The Path Ahead

Looking forward, our vision extends far beyond a single website or law. Alongside Stacy Cahill and partners across campus, we are working to embed privacy into everyday decision-making. This will impact how we procure new systems and how we share and eventually retire data.

Our goals include:

• Strengthening privacy governance and transparency.
• Supporting responsible research and innovation.
• Helping students and staff understand their vital role in protecting data.

We also launched UMBC's new cybersecurity newsletter, which highlights important developments in cybersecurity and privacy, shares timely tips and resources, and spotlights work across campus that helps us all protect data and manage risk. If you're interested in staying informed about privacy and cybersecurity efforts at UMBC, I encourage you to subscribe.

A Commitment to Stewardship

Data Privacy Week is a reminder that privacy is not a one-time project. It is an ongoing commitment to trust, stewardship, and accountability. I am grateful to be part of a community that takes this work seriously, and I am excited about where UMBC is headed as we continue to grow our privacy program in the years ahead.

For more information about UMBC's privacy efforts, I encourage you to visit privacy.umbc.edu, and to follow the work of the UMBC Cybersecurity Institute as we continue to advance security and privacy in service of our campus and the broader public.

Dr. Laura Mateczun

Associate Director of Digital Trust

Assistant Director of UMBC Cybersecurity Institute

Director of UMBC Cybersecurity Clinic

lam6@umbc.edu

 

Hello UMBC,

Cybersecurity isn't just a task for IT, it's a 24/7 commitment for our entire community. To help you navigate the ever-changing digital landscape, we are excited to launch the first edition of our cybersecurity newsletter.

In this inaugural issue, we dive into:

• Phishing Defense: How to spot "too good to be true" offers and urgent scams.
• Travel Safety: Keeping your data secure while researching or vacationing abroad.
• Latest Threats: Why you should be wary of TikTok scams and "Quishing" (QR code phishing).
• Policy Updates: Key changes to UMBC's Acceptable Use and Data Protection policies.

Read the newsletter attached!

Remember: If an email feels "off," it probably is. Forward suspicious messages to security@umbc.edu and help keep our campus secure.

Stay smart and stay safe!

  

 - Stacy Cahill

Chief Information Security Officer

University of Maryland, Baltimore County

• Attached Document for Launching DoIT's Cybersecurity Newsletter