← Back to News List

Phishing Alert: You have (#) new pending incoming emails

A New Twist On Phishing

The Division of Information Technology (DoIT) recently received reports of a new form of phishing campaign. This campaign informs recipients that they have “# new pending incoming emails” where # represents some actual number.  Below are examples of the different kinds of emails that we received. We removed the recipients’ information for privacy purposes.

From: Email Administrator <noreply-mailbox@umbc.edu>

Date: Sat, Sep 11, 2021 at 7:52 AM

Subject: You have (4) new pending incoming emails

To: <CampusID@umbc.edu>


You have (4) new pending incoming emails 

Your allowed Email Quota usage has been exceeded on your account.


Please kindly verify your Human and not a robot by following the below link, so we can get your account running normal again. 


Verify Email Account


If no action is taken, you may cease to receive incoming emails


This Email was sent to <CampusID>@umbc.edu as a User from umbc.edu Mail Box Admin

This example originated from <noreply-mailbox@umbc.edu>, which looks like a UMBC account; however, this account was spoofed. An outside person created this @umbc.edu email for phishing purposes. 

Below is another similar email that is spoofed. It originated from <cpanel@umbc.edu>, which is also not a UMBC account.

From: Mail Delivery System <cpanel@umbc.edu>

Date: Fri, Sep 10, 2021 at 9:09 AM

Subject: Mail delivery failed: <CampusID>@umbc.edu have 6 Pending incoming messages.

To: <CampusID@umbc.edu>

You have Incoming Pending Messages

The following messages have been blocked by your mail-server due to validation error.

You have six pending messages .


Incoming  Messages:

Status :




Fwd: Payment  ------ forwarded message ----  

07:17 am


We didn't receive any reply from you CALL ME 

07:21 am


RE: Updated PI

08:19 am


Zoom meeting request tomorrow

08:29 am



10:27  am


FedEx Shipment

11:02 am


Note: The messages will be delivered within 1-2 hours after you receive a confirmation mail notice.

This message was sent by the MailDaemon server umbc.edu notification.

Thank you!



Copyright© 2021 Webmail, Inc.

The links in both of these emails will take you to separate domains https://sign-in-verification-929bb.web.app and https://firebasestorage.googleapis.com respectively. The links in these emails will ask you to sign in. By signing in, they will be able to steal your passwords. 

Below is a copy of the https://sign-in-verification-929bb.web.appwebsite. The Firebase page has been removed.

If you have received this email, please DO NOT CLICK on the link. However, if you have clicked on the link, DO NOT ENTER your password. If you entered your UMBC password, immediatelyCHANGE YOUR PASSWORD.

If you have received any message similar to the one listed above, please forward it with its headers tosecurity@umbc.edu


Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.

Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.


Posted: October 11, 2021, 10:21 AM