Recognizing Phishing and Scam Emails
Introduction
Campus community members continue to be targeted by scam and phishing emails. These are attempts to obtain your login credentials or money.
To get your attention, scammers cleverly craft messages to look as if they are legitimate messages from campus or the department, even using the name of someone you know.
Tips For Identifying Scam and Phishing Messages
-
Please check the sender’s email ADDRESS that appears in the FROM header, i.e. look for exampleperson@cs.umd.edu and NOT simply “Example Person”.
-
If the message seems oddly brief or suspicious and the sender's address does not end with @cs.umd.edu or @
.umd.edu then consider it fake and delete it.
-
All official work-related communication should be using an @cs.umd.edu or @umd.edu address. If you accidentally send a message from a personal email and do not receive a reply, try resending using your official work email address.
-
If the sender’s message looks very convincing and you believe that it may be authentic, e.g., from the chair or any others in the department, please first check the sender ADDRESS or contact the person known to you by phone or their @cs.umd.edu address and ask if the message is real. If you have questions about the authenticity of any other message, do not hesitate to contact the IT staff.
-
Please ignore and delete any fake message that you receive. No further action is necessary. Even if the IT staff requests that Google disable the account or blocks it at the CSD firewall (about half of you are receiving the message at your @umd.edu account, over which we have no control), there are infinitely many account names the perpetrator can create to continue to contact us. For the perpetrator to learn that someone has blocked their account means that they have received ATTENTION. Please remember that attention is validating and will sustain their interest in our organization. For this same reason, please do not engage the sender by pretending to play along. NO RESPONSE is the best reaction.
-
By all means, if you mistakenly fall for one of these messages and provide your user credentials, credit card info, or other personal info, please let us know a.s.a.p. You may also contact the campus IT Security Operations group at soc@umd.edu.
There is no way that the CS dept., campus, or Google/Gmail can prevent someone in the world from sending an email that looks as if it is coming from your name with a valid email address that belongs to another person.
In addition to knowing that anyone can spoof an email so that it looks as if it came from someone else, please keep in mind that email is not a place to communicate information that should be kept secure/private, e.g. SSNs, credit card numbers, etc. Most Univ. email is housed on Google. While we may trust that Google is protecting our data, we have no control over or oversight of how well they are doing their jobs.
Example Messages
-
A Classic Example
The image below is a screenshot of a phishing email with several warning clues:
- The sender’s name (UMD) and the sender’s domain (purdue.edu) do not match
- The message body is vague and contains possible grammatical or spelling errors
- A cryptic link is presented with no description of the destination
- When previewing the link, we see that the destination is a non-UMD domain. Clicking this link would direct the user to a page that would ask for their UMD password, and thus compromise their account.
-
“Are You Available?”
In this financial fraud scam, the attacker poses as a staff member, colleague, chair or dean with a similarly-spelled email address. The user will be asked to reply and sometimes to provide a cell phone number to take the conversation offline. When contact is established, the attacker will claim to be off-campus or in a meeting, then ask the user to purchase a large amount of gift cards. Ultimately the attacker will ask for the cards’ information and PINs to steal the value from the cards remotely. Read more about this from the Chronicle of Higher Education.
-
“Upgrade To Our New Email System”
In this credentials-stealing scam, the attacker claims to represent IT, and says that a systems upgrade requires the user to visit a website to either verify their account or reset their preferences. A link in the email is constructed to appear to originate from the department, but actually links to a non-department network. Users clicking the link will be sent to a destination that will steal usernames and passwords or serve malware (or both).
-
“My Child Needs A Tutor”
In this advance-fee fraud scam, the attacker claims to have a child that needs tutoring. The user will be convinced to accept and cash a check as an advance, then send back a portion of the funds to the attacker. The check is fraudulent, and by the time it bounces the user is held responsible by the bank for the entire amount. Read more about this scam.
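The sender-address and link checks from the tips and the Classic Example above, written out as an added Python example (not code from the department or the original page). It shows why the domain has to be matched on a dot boundary rather than with a plain "ends with" test; the function names, the sample messages and the `.example` hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = ("umd.edu",)  # covers cs.umd.edu and any other *.umd.edu host

def is_trusted(host: str) -> bool:
    """Exact match or true subdomain; 'fakeumd.edu' and 'umd.edu.evil.example' fail."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def assess(raw: str) -> list[str]:
    """Return warning strings for one raw message (headers, blank line, text body)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    findings = []
    if not is_trusted(domain):
        findings.append(f"sender domain is not UMD: {domain or '(none)'}")
    # A display name that embeds a different address than the real one.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr.lower():
        findings.append(f"display name shows {shown.group(0)}, real address is {addr}")
    body = msg.get_payload()
    for url in re.findall(r"https?://[^\s<>\"']+", body if isinstance(body, str) else ""):
        host = urlsplit(url).hostname or ""
        if not is_trusted(host):
            findings.append(f"link leaves UMD: {host}")
    return findings

# Constructed sample messages (not real mail); .example hosts are placeholders.
CLASSIC = (  # mirrors the Classic Example: name "UMD", purdue.edu sender
    "From: UMD <notice@purdue.edu>\n\n"
    "Your mailbox is full, verify here: http://umd-login.example/verify\n"
)
LOOKALIKE = (
    'From: "exampleperson@cs.umd.edu" <exampleperson@cs-umd.example>\n\n'
    "Reset at https://umd.edu.account-check.example/reset today.\n"
)
GENUINE = (
    "From: Example Person <exampleperson@cs.umd.edu>\n\n"
    "Agenda: https://www.cs.umd.edu/agenda\n"
)

if __name__ == "__main__":
    for label, raw in (("classic", CLASSIC), ("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(label, assess(raw) or "no warnings")
```

An empty result only means these particular clues are absent; the From header can itself be forged, so confirming an unexpected request by phone still applies.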