Online scammers and attackers continue to target University of Maryland faculty, staff, and students. To make it easier to recognize the threats, DIT Security Operations Center would like to share the most common email scams we are currently seeing. This article will be periodically updated as tactics and trends change.
These messages may appear to come from someone you recognize at the university, such as a supervisor or colleague. The message will mention that some departments are hiring individuals to perform remote work of administrative duties for visiting professors. A mention of weekly salary will be discussed and an external, non-UMD email address will be at the bottom as the address to apply/contact for more information.
If you see messages like this please forward them to spam@umd.edu and/or delete them.
These messages may appear to come from someone at the university, but the sending email address may not be their UMD email address. The unsolicited message will invite you to work on an interdisciplinary research project to collect data online. A mention of weekly salary will be discussed and it will ask you to provide personal information, including a non-UMD email, in order to indicate your interest.
These messages are impersonating someone at the university, and the job offer is a scam. The intent is to extort money from you during the application process.
If you see messages like this please forward them to spam@umd.edu and/or delete them.
These messages may appear to come from someone you recognize at the university, or an outside account. It will look like a standard Google Drive or Sharepoint message and may state that someone you know wants to share a file with you. If you click the link in the email, it leads to a file with a Microsoft OneDrive or Google Drive image with another link to asking you to click and view the file. If you click that link it will take you to a website form such as Google Forms or Jotfom asking for your email address and password. Entering your credentials on this form will lead to a compromise of your account.
If you see messages like this please forward them to spam@umd.edu and/or delete them.
You may receive emails regarding an account with Venmo that is tied to your university email account. While these are legitimate messages from Venmo, someone has used your email address to sign up for an account with them. Venmo allows users to create accounts without validating the email address. There is no unauthorized access to your actual university account. Scammers will attempt to use legitimate email addresses to appear like a real person, and attach stolen credit cards to these Venmo accounts.
If you receive such emails, follow the directions in the emails to report the account to Venmo directly.
While technically not spam or phishing, there has been a huge increase in the number of emails from outside companies who want to help you with your retirement, pension, or financial matters. These emails may have not only your name but your title and department, and express that it's "time to meet about your options". Some of them will have a line in small print that states they are not endorsed or affiliated with the university, which is true.
These companies obtain information from the university's public directory and use an aggressive and creative marketing technique. The language used in their emails is written in a way to make the recipient think it is a legitimate service provided by the university. However, these companies are hard to identify and verify and their services may not have your best interest in mind. We do not recommend setting up an appointment with them.
Any legitimate email regarding retirement or pension information will be sent directly by UHR and/or the State of Maryland.
These email scams appear to come from someone you know at the university, such as a supervisor or colleague. Many of them start with an innocent question such as "Are you available?" The intent of these is to get you to respond to them. Eventually they will ask you to purchase gift cards with the promise that you will be reimbursed.
These emails did not originate from someone at the university and if you reply to them, you will see they are going to an external email address and not @umd.edu.
If you receive an email from a colleague and you are not sure if they really sent it, always verify by contacting the person directly at their campus phone number.
These scam emails mention the sender's desire to give away, donate, or otherwise gift a high-end piano for free. They may reference the name of an actual UMD employee in order to appear legitimate. They may ask you to contact this person at a non-university email address and ask you to use your personal email address when corresponding.
The intent of this scam is to eventually get you to pay some kind of fee in order to move the piano. They may also steal your university credentials by asking you to log in to a bogus site.
Always be suspicious of any email that asks you to use a non-university email address to respond - this allows scammers to hide from the organization they are targeting. Additionally, any offer that could be considered "too good to be true" is likely just that.
If you receive an email from a colleague and you are not sure if they really sent it, always verify by contacting the person directly at their their campus phone number.
Scammers are using PayPal to send a money request and then canceling the request with a message about suspicious activity. Their goal is to get you to call them to negotiate a refund and threaten you with a large charge. These messages typically include poor grammar in the Notes section.
If you do not recognize the person or the charge, do not respond and delete the email.
These emails will arrive in your inbox and may appear to have been sent from your own email account. The scammers may claim to know your passphrase and have evidence of you engaging in activity on adult websites. Often this evidence is a video of you, allegedly captured using your webcam. The scammers threaten to release this video to your contacts unless you pay them in Bitcoin. The sender is usually from a random external address who is "spoofing" your email address.
The intent of these emails is to elicit an emotional response of panic and fear, which means it's more likely that someone will pay up to keep things quiet. These scams are extremely prevalent due to their success.
Rest assured that your email account and computer have not been compromised in such a manner and you can safely delete the email.
These emails appear to show a paid invoice for a service you may not recall purchasing. They usually have a high amount and are meant to get you to question why and how you are being charged for this. Calling the provided customer support number will lead to a conversation about an easy refund process in which customer support will eventually ask you for credit card or banking details in order to properly get your money back.
The point of this scam is to get you to divulge your financial information. If you are not sure if an invoice you received is real, never call the provided phone number in the email. Always look up the company's customer support information on their official web site and call that number instead.
Usually targeting payroll and HR representatives, these emails will appear to come from someone at the university stating that their banking information has changed and they would like to update their direct deposit information. These emails are almost always "spoofed", meaning that the scammer has forged the sending address to appear legitimate. If you reply to this email you would notice it is not going to a @umd.edu email address.
These scams should always raise red flags as the university has a process on making direct deposit changes that involve an original signature on a paper form. Changes should never be processed based on information provided in an email alone. If you have any questions on the legitimacy of such emails, always verify by contacting the person directly at their @umd.edu email address or their campus phone number.