Tips to Combat Financial Scams

Hello UMBC Community!

The Cybersecurity Assurance and Digital Trust Department in the Division of Information Technology has some tips for you to stay safe from financial scams that have recently taken place.

Attackers send phishing emails to trick unsuspecting victims into providing their user ID, password, and multifactor codes. Often, these phishing lures contain a link that redirects the user to a login page.

DoIT has observed cases where the attackers are mirroring legitimate login screens to capture credentials and multifactor authentication (MFA) codes in real time. The only indicator that something is amiss is the URL in the address bar.

Follow these general tips to safeguard your financial data and funds:

1. Use Strong & Unique Passwords: Never reuse your UMBC password on other platforms — including financial services such as BankMobile. Create unique passwords for each separate account.
2. Periodically Verify Your Personal Information: Log into your accounts and make sure all your information, such as linked financial accounts, billing address, phone number, and email addresses are correct.
3. Check the Link: Look over URLs and ensure you are accessing a trusted service. If you see a login page but the URL does not look legitimate, do not provide your password or MFA codes. It is best practice to bookmark trusted services to navigate to them directly.
4. Don't Give Away Your Secrets: UMBC and your financial institutions will never call, email, or text you to ask for your password or MFA codes.

If you give someone your password and MFA codes, you are handing them the keys to your account. This could result in financial loss or unauthorized activity for which you may be held responsible.

If you see something, say something! Report all phishing emails to security@umbc.edu.

 

Stay smart, stay safe!