February 5, 2010

Security Update: Why UMBC's Login Screen Has Changed

During the past two weeks, UMBC account holders have been the targets of phishing attacks. Phishing is an attempt by a criminal entity or hacker to acquire sensitive information such as usernames, passwords or personal financial information by masquerading as a trustworthy entity. In UMBC's case, the attackers have been pretending to be representatives of DoIT or other trusted groups within UMBC. Their fake e-mails make a seemingly legitimate and innocent request to log in to myUMBC.

Unfortunately, the link they provide in the e-mail takes you to a page that looks just like UMBC's login pages but is in fact a bogus web page that collects your username and password. To help educate the campus, we have created a new pop-up, shown during login, that encourages users to always check the web address in their browser to make sure it originates from UMBC.

Here is a sample of the new security tip pop-up:


The hackers then log in with the compromised username and password to send millions of spam messages all over the world. The end result is that UMBC's mail servers are blocked by various mail providers (e.g. Hotmail, Gmail, etc.) because UMBC looks like a spam source. This creates numerous problems for UMBC's staff and its limited resources.

A Few Reminders From DoIT:

* NEVER Provide Your User Name and Password to Anyone
* NEVER Click on a Link You Are Not Expecting or Are Unsure Of
* NEVER Download or Open a File You Are Not Expecting or Are Unsure Of
* NEVER Install Software That You Are Not 100% Sure Of

A Few Helpful Hints:

* Phishing E-mails Often State Some Urgent Need for Your Information
  - e.g. a recent system upgrade, security changes to systems, etc.
  - If UMBC has a truly urgent need, we will also provide a UMBC web page that originates from UMBC
  - We will never urgently require you to log in or provide your username and password

* Carefully Examine the URL or Web Address in the Browser
  - Make sure that UMBC's domain is at the beginning of the address

* If In Doubt DO NOT RESPOND, contact DoIT to report your concerns
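
What checking the web address amounts to, as an added example that is not part of the original DoIT notice: the host the browser will actually contact must be UMBC's domain or a subdomain of it, and seeing the name somewhere near the start of a link is not enough. The domain `umbc.edu`, the function name `checkLoginLink` and the sample links are assumptions constructed for illustration.

```javascript
// Added example: decide whether a link really leads to a UMBC host.
// TRUSTED_DOMAIN is an assumption; the notice does not spell the domain out.
const TRUSTED_DOMAIN = "umbc.edu";

function checkLoginLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "not a web address" };
  }
  // Text before "@" is login info, not the site; the browser goes to url.hostname.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the site; host is " + url.hostname };
  }
  // url.hostname is already lowercased; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // The leading "." stops a host that merely ends in the same letters.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host };
}

// Constructed sample links (example.net is a reserved documentation domain).
const SAMPLE_LINKS = [
  "https://my.umbc.edu/login",             // UMBC subdomain
  "https://umbc.edu.example.net/login",    // UMBC name first, but the site is example.net
  "https://my.umbc.edu@example.net/login", // UMBC name is only the userinfo part
  "https://example.net/my.umbc.edu/login", // UMBC name appears only in the path
];

for (const link of SAMPLE_LINKS) {
  const result = checkLoginLink(link);
  console.log((result.ok ? "OK      " : "SUSPECT ") + link + "  (" + result.reason + ")");
}
```

Only the first sample passes; in the others the UMBC name shows up early in the link while the site being visited is a different one.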


