← Back to News List

Spear Phishing Attacks On The Rise

Community members being targeted for gift card scams

The DoIT Security Group has received reports of a phishing scam targeting the UMBC community.  Please be aware that hackers are sending these email messages to students, faculty, and staff.

The phishing email contents are similar to the following:
    Subject: On Campus and Available?
    Are you available?I need you to handle something for
    me Now, i'm currently in a meeting with the International
    Advisory Committee (IAC) with limited phone call
    ( phone got broken) and also experiencing some
    difficulties at the moment, just reply to my e-mail as
    soon as you get this. Are you available?
    Best Regards
    (Academic Department Chair)
    University of Maryland Baltimore County
    1000 Hilltop Circle
    Baltimore, MD 21250
    Sent from my iPad, please excuse any typos or
    strange auto-corrections”

There are many characteristics that raise suspicions that this is a phishing email; for example, the vague nature of the email content and poor grammar are red flags. Also, the unrelated nature of the email should be an initial giveaway.

However, the biggest concern is the hacker posing as a trusted entity. In this email, they use a specific form of phishing known as spear phishing to target specific members of the UMBC community. Attackers often gather information about organizations in order to make their phishing scams more personal and believable. Here, the hacker impersonates a number of UMBC personnel in order to target staff within the corresponding departments from the impersonated individuals. 

The best defense against spear phishing is vigilance. If you receive this email, please be aware of its malicious nature and do NOT reply to it. Replying to this email could further engage the hacker in hopes that you’ll reveal sensitive information that could compromise your online and physical safety.

If you receive this email or one with related content, please forward it to security@umbc.edu with full headers (directions can be found here: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970) and delete the email immediately.  If you feel your information or safety has been violated in any way, you are also encouraged to call UMBC Police at (410) 455-5555.  

For more information regarding phishing and spam FAQs, please see the PHISHING/SPAM FAQS section of itsecurity.umbc.edu.

Posted: December 10, 2019, 4:36 PM