← Back to News List

Phishing Alert: Fake Announcement from ‘Admin Server’

Don't Click The Button!

Recently, the Division of Information Technology(DoIT) received reports of a phishing email. The scammers sending these emails are using a forged From address of:

'Admin Server <security@umbc.edu>'.


Below is an example of such an email. For privacy reasons, we removed the recipient’s information..


Please confirm your email account with umbc.edu    

@umbc.edu 

  

Attention:  

Due to the latest regulations concerning online safety and KYC 

procedure ( Know your Customer ), we are sending this urgent notice to all 

Email Administrator users, in order to filter real and active accounts. 

In order to avoid your @umbc.edu address from being shut down, 

please confirm you are still using your account now: 

  

Confirm email account 

  

  

By logging in, you are confirming that you are still using our services and that the person registered is the person using them.


Here is a screenshot of the same message:






Please note that the Division of Information Technology did not send this email. Visible red flags in this email:

  1. The wording.  The message is being sent to ‘Email Administrator Users’.  That does not really make sense.  There is such a thing as an Email Administrator (UMBC has several of them) and such a thing as an Email User (UMBC has a lot of these), but no  ‘Email Administrator Users’.

  2. The link.  If you move your mouse over the button that says ‘Confirm email account’ without clicking, and look at the bottom left of your email window, you will see a link to ‘https://ipfs.fleek.co/ipfs/QmVTaVBV6f4fVDqvviHL8CBuqpX5ZJX37YVwdNWxC5FDBG/index0000.html#@umbc.edu’.  Use this ‘mouse hover and peek trick before clicking on anything.  This link goes to a website at ipfs.fleek.co.  That .co at the end is not the same as a .com.  Two-letter endings are generally codes for specific countries (https://en.wikipedia.org/wiki/Country_code_top-level_domain)  The country code ‘.co’ is assigned to Columbia.  If you can’t think of a good reason for UMBC’s DoIT to refer you to a server registered out of Columbia to ‘confirm’ your email account,  BE SUSPICIOUS!

When you become suspicious, send an email to security@umbc.edu.  (Don’t worry, when you send it, it will go to the real UMBC IT security group!) or call the Technology Support Center at 410-455-3838.  DO NOT CLICK ON THE LINK!


For more information about phishing, visit:https://itsecurity.umbc.edu/critical/?id=98136.


If you have received any message similar to the one listed above, please forward it with its headers to security@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.


______________________________________________________________________________

Receive any suspicious emails?

Forward it to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.


Follow us on myUMBC:https://my3.my.umbc.edu/groups/itsecurity.




Tags:

Posted: August 9, 2022, 3:21 PM

Read Original Post in myUMBC