IT Security and Compliance
Introduction from Fred Smith, Chief Information Security Officer
Email is an essential part of our everyday communications. It is also one of the most common methods that hackers use to attempt to gain access to sensitive information. Phishing is basically someone trying to get you to do something or tell them something through email that enables them to compromise you in some way.
More than 90% of data breaches start with a phishing attack. “Phishing” uses fraudulent email messages designed to impersonate a legitimate person or organization and trick the recipient into downloading harmful attachments or divulging sensitive information, such as passwords, bank account numbers, and Social Security numbers.
CITS will never ask you to put your password into an email message, but scammers will. Do not share your password with others.
To protect yourself as you read email and surf the web, you need to know where links are going to take you, compared to where you expect to go. Links and their associated addresses can be misleading.
Please read “Take a Closer Look Before you Click!” regarding malicious links and attempts at tricking you into divulging your UMB credentials (link below).
Email sent by phishers and hackers may contain links that look like they go to familiar, expected locations - but not quite. Do you know how to tell an authentic link from a fake?
You may see "Click here" in an email message. You can examine where that link goes by putting your cursor over the link without clicking. Try it. Your browser will show you the link address. Does it go where you are expecting it to go? It is also possible for the destination webpage to send you off to another page, so you should check at the top of your browser for the actual web address of the page that you are viewing.
Instead of a “Click Here” you may see an actual link like this in an email message: http://payroll.umaryland.edu/IncreaseYourPay.html. But just like the "Click Here" link, that address link may actually go someplace else. Put your cursor over the link without clicking and your browser will show you where it will really send you. Does it go where you want to go?
Web page addresses have this general format:
Notice the punctuation around the website name:
- :// - immediately before the web site name
- / - immediately after the web site name
The name of any valid website at UMB will end with "umaryland.edu" and be located immediately after the double slashes and before the first single slash.
These links look the same, but are they?
If you put your cursor over a link without clicking on it, your browser will generally display the address that the link really goes to, regardless of what the text under your cursor actually says.
You need to be on guard against attempts to fool you into believing you are at a safe, familiar site instead of a criminal or hacked site. The essential rule is: the real hostname always appears immediately after the double slashes and before the FIRST single slash. Hackers may build a webpage address with a familiar hostname before the SECOND single slash in an attempt to get you to believe their malicious site is familiar. If you see "umaryland.edu" anywhere else in the whole address, it may be a distractor to make you think you are going to a UMB webpage when you are not.
Hovering before clicking and checking for a familiar hostname in the correct position will save you from a great many scams and tricks offered in your email and on the web.
This same rule holds true if you are expecting a webpage on any other website that you may be familiar with. If you are expecting to go to PayPal, Amazon, Gmail, etc., always look for that familiar website name immediately before the first single slash.
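The hostname rule described above can also be applied mechanically. The following is an added example, not part of the original page and not a CITS tool: a small JavaScript checker that pulls the links out of an HTML email body, reads the real hostname with the standard URL parser, and flags links whose destination is outside umaryland.edu or differs from the address shown in the text. The function names, the sample message, and the example.net hosts are constructed for illustration.

```javascript
// Added example: applies the page's hostname rule to the links in an HTML email.
// TRUSTED_DOMAIN is from the page; function names and the sample are constructed.
const TRUSTED_DOMAIN = "umaryland.edu";

// Hostname = the part after "://" and before the first single slash.
function hostnameOf(address) {
  try {
    return new URL(address).hostname.toLowerCase();
  } catch {
    return null; // not a full web address, e.g. the text "Click here"
  }
}

// Trusted only if the hostname IS the domain or ends with "." + domain.
// The dot boundary rejects names that merely end in the same letters.
function isTrustedHost(host, trusted = TRUSTED_DOMAIN) {
  return host !== null && (host === trusted || host.endsWith("." + trusted));
}

// Find each <a href="...">text</a> and compare what is shown with where it goes.
// Regex extraction is a simplification that assumes well-formed, quoted hrefs.
function checkLinks(html) {
  const anchor = /<a\s[^>]*href\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const results = [];
  for (const [, href, inner] of html.matchAll(anchor)) {
    const text = inner.replace(/<[^>]*>/g, "").trim();
    const realHost = hostnameOf(href);
    const shownHost = hostnameOf(text);
    const trusted = isTrustedHost(realHost);
    const reasons = [];
    if (!trusted) reasons.push("destination is outside " + TRUSTED_DOMAIN);
    if (shownHost !== null && shownHost !== realHost)
      reasons.push("visible address differs from destination");
    if (!trusted && href.toLowerCase().includes(TRUSTED_DOMAIN))
      reasons.push(TRUSTED_DOMAIN + " appears, but not at the end of the hostname");
    results.push({ text, realHost, suspicious: reasons.length > 0, reasons });
  }
  return results;
}

// Constructed sample message body (example.net is a reserved documentation domain).
const SAMPLE_EMAIL = `
<p>Verify your account: <a href="http://mail-check.example.net/umaryland.edu/login.html">Click here</a></p>
<p><a href="http://payroll.example.net/IncreaseYourPay.html">http://payroll.umaryland.edu/IncreaseYourPay.html</a></p>
<p><a href="http://umaryland.edu.example.net/reset">Reset password</a></p>
<p><a href="https://directory.umaryland.edu/">Account Management Site</a></p>`;

for (const link of checkLinks(SAMPLE_EMAIL))
  console.log(link.suspicious ? "SUSPICIOUS" : "ok", link.realHost, link.reasons);
```

Only the last link in the sample passes; the first three are flagged even though each one shows "umaryland.edu" somewhere in its text or address.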
An Actual Phishing Email Example
From: Email Adminstrator <Email Administrator@umaryland.edu>
Subject: Warning !!!
Date: February 10, 2015 4:04:13 PM EST
We have received many negative complaints against your email address that it is being used by spammers to promote spam remotely. We wish to notify you that we will temporarily lock down all emails sent from your address and reject them until we successfully verify that this email is under ownership of the authentic user and not by some bot.
So, if you are reading this then an important action is required by you to save your email from being flagged and to avoid further discontinuation of your outgoing email service. Please click here to authenticate the ownership of your account and "Click here"
Copyright © 2015 Email Security Team. All Rights Reserved
- Hover over the From: address – it’s not from anyone at UMB
- Look at and hover over the Reply-To: - it doesn’t belong to anyone at UMB
- Hover over the “Click Here” - it’s taking you to a site outside of UMB; it doesn’t have .umaryland.edu anywhere in the link
- If you receive an email that has any of these characteristics, DELETE it.
Legitimate Email Example
The Password for your UMID account will expire on 1/13/2015 10:06:12 AM.
This is the password used to access all UMID authenticated applications, such as the myUMB Portal, eUMB Systems, COEUS, Effort Reporting, SURFS, Blackboard, Google Apps @UMaryland, myUMB Mail, Campus Wireless (eduROAM), Library Resources, and Mediasite.
If you do not change your password, your password will expire and you will lose access to all UMID Authenticated Systems/Applications.
To reset your password, go to the Account Management Site (https://directory.umaryland.edu) and log in with your UMID and current Password. Click on the "Password" link on the left side of the screen to enter a new password.
If you do not remember your UMID or password, click on the "I cannot log into UM Account" link.
If you have any questions or the system does not accept the answer you are entering for your verification, please contact the IT Help Desk at 410-706-4357 (x6-HELP) or email@example.com.
IT Help Desk
Center for Information Technology Services (CITS)
University of Maryland, Baltimore
601 W. Lombard Street, Room 540
Baltimore, MD 21201
410 706-4357 (x6-HELP)
- This email passes all of our checks to verify links and addresses
- Don’t trust that an email is legitimate just because it has the campus branding. Branding is easily copied and can be added to more sophisticated email phishing attempts. Just remember to take a closer look: hover and check all links before clicking through.
What is Ransomware?
Ransomware is vicious malware that prevents a user from accessing his or her files by encrypting them. Ransomware typically arrives on the affected computer through spam emails or is executed via malicious ads or compromised websites; more recently, however, ransomware has been known to start from a malicious email attachment. Once the ransomware is executed on the compromised computer, it encrypts files on the user’s computer, on any mapped network drives, and even on connected cloud storage such as Dropbox, OneDrive, Google Drive, etc.
Ransomware was designed to prevent the user from accessing their files and force them to pay the attacker a fee in order to regain access. Once the files are encrypted, ransomware displays a text document or HTML page with a message informing the user that their files have been encrypted and gives instructions on how to obtain the decryption key needed to unlock the files. This message may also warn users that the decryption key will be deleted after a certain time period to pressure the user into paying sooner. The message also contains a link to a website where the user can make the payment. Even if the user pays the ransom, there’s no guarantee that the attacker will provide the decryption key needed to unlock their files.
What can I do to protect my data?
- The best way to protect yourself and the organization from ransomware is to limit your online activity to business related sites only.
- NEVER click on links or open attachments in emails you were not expecting.
- Minimize the amount of data that is stored locally on your computer. Data stored locally is NOT backed up by your IT support group. If you do need to store data locally, it should only be personal in nature and it is your responsibility to ensure personal files are regularly backed up to an alternate storage location.
What should I do if I suspect I was a victim of ransomware?
If you suspect your computer may be impacted by Ransomware, please contact your local IT Support group immediately so we can assist with containment of the malware and any recovery operations that might be possible.
Campus Security Deviation Requests
The Office of Legislative Audits (OLA) requires an approved request be on file for any deviation from our standard IT security practices as defined in the USM IT Security Standards.
Typical deviations include access to sensitive information, administrative rights access for a local workstation, and the ability to run software that is outside of the standard set of vetted and approved software required to do your daily job. All deviation requests require approval from a department head or manager. Once approved, the appropriate action can be taken by the IT Security & Compliance group. All approved requests will be saved for periodic access control review as well as review by USM and OLA auditors.
National Cyber Security Awareness Month (NCSAM) was in October.
The Center for Information Technology Services has provided the campus community with a lot of information about how to stay safe online. The end of the month, however, should not be the end of awareness. The number of malicious attacks, phishing attempts, identity thefts, and data breaches is increasing dramatically. To give everyone a toolkit to help with Internet safety, we offer the following links:
Would you know what to do if you were a cyber-crime victim? Here is a Victims of Cybercrime Tip Sheet. On Twitter, visit: #NCSAM.
Have you spotted or been a victim of an online scam? The Federal Trade Commission’s Complaint Assistant is a good resource for reporting it.
Online scams are becoming more sophisticated and harder to detect every day. Stay up to date about online scams and report suspicious activity you encounter.
Would you like to know how risky your normal online practices are? You can use the Online Identity Risk Calculator.
Remember: Stop. Think. Connect.
Helpful Security Information
Stay Updated with the Latest Cyber Threats and Technologies
- Information Security Guide: Effective Practices and Solutions for Higher Education
- Watch videos about current security related topics and learn how to protect yourself from threats.
Users of UMB network resources are required to have a user password at startup and must also “Lock Down” (or log out of) the computer each time the computer is left unattended. Individual user sessions must also initiate a password protected screensaver after a period of no more than thirty (30) minutes of inactivity.
Additional policies issued by schools and departments may be applicable to your use of UMB computing resources. View the latest UMB IT Computer Workstation Security Policy.
CITS has recently seen a noticeable increase in e-mail that looks very official and professional asking for user login credentials. Unfortunately, some users fall victim to these attacks. Once the spammers have valid login information, they begin sending messages to the internet using a University identity. Because of the high messaging volumes being sent to the internet from the compromised accounts, UMB servers become “blacklisted.” Once UMB servers are blacklisted, even valid messages sent by UMB users are denied!
Fighting spam and not falling victim to social engineering attacks is everyone’s job. Remember that the University will NEVER ask for your user login credentials in an email message. Simply delete these messages; DO NOT reply, EVER.
June 20, 2017 | UMB’s computing environment requires a high level of security to ensure the privacy, integrity, and confidentiality...
May 24, 2017 | The University of Maryland, Baltimore was not affected by the recent widespread global ransomware attack, called WannaCry.
April 25, 2017 | The National Cyber Security Alliance and the Better Business Bureau suggest that these days we should also consider doing digital spring cleaning.