UMBC logo

« UMBC Blackboard Usage Sets All Time Record in FA2009 | Main | DoIT Extends Informal 60 minute Technology "Drop-In" Sessions »

January 23, 2010

URGENT: Fake myUMBC Login Pages

To the campus:

The Division of Information Technology (DoIT) has seen an increase in attacks this weekend focused on getting people to provide their user name and password. These attacks, called phishing, are becoming tailored to look exactly like an official UMBC message and Login page. The goal of these attackers is to get people to provide their password and other sensitive information.

The e-mails received this weekend provide a link within the mail message to a web page that looks identical to UMBC’s real WebAuth login page. The giveaway that these are FAKE is the URL goes to a non-UMBC web page. See example of a bogus e-mail below.

If ever in doubt simply do not respond or submit information.

How Can I Tell if the Login Page is Fake?
The best way to tell is if the URL of the web page does not have the “” domain at the beginning of the URL.

Sample CORRECT URL: (Notice the correct “” at the beginning of the URL)

Sample FAKE URL: (Notice the FAKE “” at the beginning of the URL)

What Should I Do If I Already Logged Into The Fake WebAuth Page?

You should immediately change your password by going to: myUMBC > Personal >Online Info > Change my Password or my going directly to

Example of FAKE E-mails Being Sent to UMBC Account Holders

Dear User,

A scheduled maintenance has just been completed on our e-mail system. In
order to keep this account active and protected, you will be required to
immediately re-login. Kindly click on the "Login to My Account" link
stated below:

Login to My Account

We apologize for any inconveniences caused.

Security Department,

E-mail Services.


Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)