Current Scams and Phishing Emails



Online scammers and attackers continue to target University of Maryland faculty, staff, and students. To make it easier to recognize the threats, the DIT Security Operations Center would like to share the most common email scams we are currently seeing. This article will be periodically updated as tactics and trends change.

Administrative assistant remote job

These messages may appear to come from someone you recognize at the university, such as a supervisor or colleague. The message will mention that some departments are hiring individuals to perform administrative duties remotely for visiting professors. It will mention a weekly salary, and an external, non-UMD email address will appear at the bottom as the address to apply or contact for more information.

If you see messages like this, please forward them to spam@umd.edu and/or delete them.


2022RESOURCE.pdf Shared Google Drive link

These messages may appear to come from someone you recognize at the university, such as a supervisor or colleague. The message will look like a standard Google Drive message, but the sender is an email account outside of the university. The link opens a PDF file showing a Microsoft OneDrive or Google Drive image with a link to "View the shared file". Clicking that link takes you to a Google Form asking for your email address and password.

If you see messages like this, please forward them to spam@umd.edu and/or delete them.


Retirement/pension assistance emails

While technically not spam or phishing, there has been a huge increase in the number of emails from outside companies that want to help you with your retirement, pension, or financial matters. These emails may have not only your name but also your title and department, and express that it’s “time to meet about your options”. Some of them will have a line in small print that states they are not endorsed by or affiliated with the university, which is true.

These companies obtain information from the university’s public directory and use an aggressive and creative marketing technique. The language in their emails is written to make the recipient think it is a legitimate service provided by the university. However, these companies are hard to identify and verify, and their services may not have your best interests in mind. We do not recommend setting up an appointment with them.

Any legitimate email regarding retirement or pension information will be sent directly by UHR and/or the State of Maryland.


“Are you available?” gift card scams

These email scams appear to come from someone you know at the university, such as a supervisor or colleague. Many of them start with an innocent question such as “Are you available?” The intent is to get you to respond. Eventually they will ask you to purchase gift cards with the promise that you will be reimbursed.

These emails did not originate from someone at the university; if you reply to them, you will see that the reply is going to an external email address and not an @umd.edu address.

If you receive an email from a colleague and you are not sure if they really sent it, always verify by contacting the person directly at their @umd.edu email address or their campus phone number.


“Sextortion” scams

These emails will arrive in your inbox and may appear to have been sent from your own email account. The scammers may claim to know your passphrase and have evidence of you engaging in activity on adult websites. Often this evidence is a video of you, allegedly captured using your webcam. The scammers threaten to release this video to your contacts unless you pay them in Bitcoin. The sender is usually a random external address that is “spoofing” your email address.

The intent of these emails is to elicit an emotional response of panic and fear, which means it’s more likely that someone will pay up to keep things quiet. These scams are extremely prevalent due to their success.

Rest assured that your email account and computer have not been compromised in such a manner and you can safely delete the email.


Subscription renewal scams

These emails appear to show a paid invoice for a service you may not recall purchasing. They usually show a high amount and are meant to get you to question why and how you are being charged. Calling the provided customer support number will lead to a conversation about an easy refund process in which customer support will eventually ask you for credit card or banking details in order to properly get your money back.

The point of this scam is to get you to divulge your financial information. If you are not sure whether an invoice you received is real, never call the phone number provided in the email. Always look up the company’s customer support information on their official website and call that number instead.


Direct deposit change scams

Usually targeting payroll and HR representatives, these emails will appear to come from someone at the university stating that their banking information has changed and they would like to update their direct deposit information. These emails are almost always “spoofed”, meaning that the scammer has forged the sending address to appear legitimate. If you reply to this email, you will notice that the reply is not going to an @umd.edu email address.

These scams should always raise red flags, as the university has a process for making direct deposit changes that involves an original signature on a paper form. Changes should never be processed based on information provided in an email alone. If you have any questions about the legitimacy of such emails, always verify by contacting the person directly at their @umd.edu email address or their campus phone number.
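
The reply-address mismatch described in the gift card and direct deposit sections can be checked from a message's headers. The following Python is an added example, not DIT's own tooling; the function names and the sample messages are constructed for illustration, and umd.edu is assumed to be the only trusted mail domain.

```python
from email import message_from_string
from email.utils import getaddresses

TRUSTED_DOMAIN = "umd.edu"  # assumption: the organization's own mail domain

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Pat Supervisor" <psupervisor@umd.edu>\n'
    "Reply-To: pat.supervisor.office@mail.example.net\n"
    "Subject: Are you available?\n\nI need a quick favor.\n"
)
LEGIT = (
    'From: "Pat Supervisor" <psupervisor@umd.edu>\n'
    "Subject: Meeting notes\n\nNotes from today are below.\n"
)
LOOKALIKE = (
    "From: payroll-user@umd.edu\n"
    "Reply-To: payroll-user@umd.edu.example.net\n"
    "Subject: Direct deposit update\n\nMy bank details changed.\n"
)

def header_domains(msg, header):
    """Return the lowercased domain of every address in the given header."""
    pairs = getaddresses(msg.get_all(header, []))
    return [addr.rsplit("@", 1)[1].lower() for _, addr in pairs if "@" in addr]

def is_trusted(domain, trusted=TRUSTED_DOMAIN):
    # Accept the domain and its subdomains, but not look-alikes such as
    # "umd.edu.example.net" or "notumd.edu".
    return domain == trusted or domain.endswith("." + trusted)

def reply_diverts(raw, trusted=TRUSTED_DOMAIN):
    """True when From claims the trusted domain but a reply would leave it."""
    msg = message_from_string(raw)
    from_domains = header_domains(msg, "From")
    # A reply goes to Reply-To when present, otherwise back to From.
    reply_domains = header_domains(msg, "Reply-To") or from_domains
    claims_internal = any(is_trusted(d, trusted) for d in from_domains)
    leaves_org = any(not is_trusted(d, trusted) for d in reply_domains)
    return claims_internal and leaves_org

if __name__ == "__main__":
    samples = [("spoofed", SPOOFED), ("legit", LEGIT), ("lookalike", LOOKALIKE)]
    for name, raw in samples:
        print(name, "-> reply leaves", TRUSTED_DOMAIN, ":", reply_diverts(raw))
```

A message whose From address is itself external is not flagged by this check, since it makes no claim to the trusted domain; that case has to be caught by comparing the display name against the actual sending address.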
