Phishing & Spam
Phishing attacks have been a problem for many years. Typically, hackers send messages asking members of our community to click a link or reply to an email message with a password. Their goal is to trick our community members into giving them access to our accounts, sensitive information, or to steal money. Sometimes, they pretend to be DoIT and send messages asking for your password, or telling you that there is a problem with your UMBC account. UMBC will never ask for your account password by email.
Recently, hackers have expanded their efforts by sending spoofed (forged) messages as people from the campus community using that person’s name and title to request information. They try to choose a name or title that the community would trust. For example, hackers have requested that our users wire money out of the campus, send checks to outside addresses, purchase money orders for job scams, and send gift cards at the behest of administrators. They have also requested that people send files containing the social security numbers of community members. In some cases, they have also impersonated UMBC vendors. In each of these examples, they have tried to make their phishing messages appear to come from a person that the campus would trust.
Hackers are motivated by money, resources, status, and lots of other reasons - or no reason at all. They will continue to try to get to our accounts, information, and resources. While DoIT has incorporated several technological measures to counter these threats, hackers are adding sophisticated social engineering messages to their toolkit. Users must know to look out for these red flags, and report any suspicious messages to security@umbc.edu.
