Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 11/14/2024

Posted on Nov 14, 2024Share on

laptop screen with a fish hook stealing credentials

Hello, everyone.

Today I want to tell you about the official change for reporting phishing attempts and junk email. There is yet another current threat with a “health advisory” theme for the third week in a row. I want to start sharing tips for staying cybersafe as the holiday season is beginning. And I want to remind everyone again that you need to complete your IT Security Awareness Training if you haven’t already done so.

Reporting Phishing Attempts & Junk Email

  • Yesterday UTK’s Office of Innovative Technologies (OIT) officially announced the new way to report phishing attempts and junk (spam) emails.
  • OIT has asked that you use the new built-in button in Outlook for reporting.
    • Please use the “Report” button with the red shield and exclamation point that is in the Outlook ribbon.
    • When you click the down arrow below “Report,” you will see the option to choose “Report Phishing” or “Report Junk.”
    • Please do NOT use the “Report Message” button on the right side of the Outlook ribbon, as this button will soon be going away.
  • I do ask that you forward any email you receive that you have questions about to me for verification before hitting the “Report” button so I can share information with UTIA if there is a widespread threat.
  • Once the “Report” button has been hit, the email will be removed from your inbox.
  • And you can always forward anything to me when you have any kind of questions or concerns.
  • I have updated the reporting information on the UTIAsecurity site.
  • Please note that if you are using a UTK Gmail account, you won’t have access to the “Report” button, but you can forward the email to abuse@utk.edu (this is to be used by UTK Gmail accounts only).

Current Threat

  • Health & Safety Update (phishing email)
    • This is the third week in a row for a very similar email regarding health and safety information.
    • The email appears to have come from an actual UT employee, but the name and address may vary.
    • The subject is Important Health & Safety Update for University of Tennessee Community.
    • The message says that a staff member recently tested positive for a contagious virus.
    • The message says you can reach out to <Healthcenter[@]utk.edu>, which is not a valid address.
    • The message signature shows Lisa Guzman and the department is Health Care Center.
    • There is no department at UT named “Health Care Center” and there is no one in the directory named Lisa Guzman.
    • While these emails appear to be from a UT employee, that person’s account has been compromised and has been used to send the fake emails.
    • If you get this email, please do NOT click on the links.
    • Report the phishing attempt by clicking the “Report” button (red shield with and exclamation point) in the Outlook Ribbon.

Staying Cybersafe During the Holiday Season

  • Social Media Tips
    • With the holidays quickly approaching, we need to be extra careful about sharing too much information online.
    • I know that everyone likes to share with friends and family on social media when and where they will be during the holidays.
    • However, it pays to be cautious when sharing online.
    • Here are some tips for staying cybersecure on social media, especially during the busy holidays.
      • Be careful about what you share online.
      • Don’t post your home address.
      • Don’t post your location and limit location sharing by disabling location services on social media posts to prevent others from knowing your exact location at any given time.
      • Ask friends and family before sharing photos and information about them on your social media accounts.
      • Always use strong passwords and multifactor authentication for each social media account.
      • Be extra cautious of links on social media, whether it be for shopping, videos, etc.
      • Monitor each account closely for suspicious activity and report anything that seems off.
      • Do not use public WiFi for doing anything you want to keep protected, including entering passwords and credit card information.
      • Keep all your devices and apps updated.
    • And please share this information with  your family, friends, clients, students, and anyone else you want to help protect online.

Important Reminder

  • IT Security Awareness Training
    • If you have been assigned training, this is a reminder to complete that training before the end of the year.
    • The IT Security Awareness training is required of all UTIA workforce, which includes student employees, on an annual basis.
    • The IT Security Awareness training is part of the 2024-2025 UTK Compliance training, as assigned by UTK HR.
    • Assignment and reminder emails will come from the UTK Compliance Committee noreply[@]utk.edu, and I will be sending individual reminders about the IT Security Awareness training this month.
    • As in the past, any user not completing the IT Security Awareness module by the deadline will lose access to all Institute-owned and University-owned systems until the training has been completed.
    • If you have been assigned this training, you can find it by logging into K@TE https://kate.tennessee.edu and it will be listed under “My Active Courses”.
    • This newsletter goes out to those on the UTIA distribution list, along with some other specific distribution lists, so it is possible you do not have training assigned, but if you aren’t sure, please send me an email and I will look for you.
    • While the deadline has been set for 12/31/2024, I highly recommend that you complete it before then to ensure you get the proper credit due to DASH implementation happening at the first of the year.

Thank you so much for helping me protect the Institute and its data. I appreciate the time and effort everyone puts into making sure we stay safe!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu