
Hello, everyone.
I would like to apologize for the length of today’s newsletter. Sometimes security isn’t about short explanations. It becomes more important to give the full picture for a better understanding of why things are done. So, I will begin with a quick non-threat. Then I want to fully explain yesterday’s phishing simulation exercise. I also want to remind you about some very important information about Duo.
Also, this is a great time to remind everyone that I greatly appreciate it when you share these newsletters. Remember that students are targets of phishing scams, especially at the beginning or end of a semester. Non-employee students often won’t know what is a scam unless someone shares the information with them.
Current Non-Threat
- Staff Senate (email)
- Last week you likely received an email about staff senate nominations.
- The sender was The University of Tennessee, Knoxville via Smartsheet with an email address including “smartsheet” in the domain.
- The subject was Staff Senate 2025 Nominations Open.
- I contacted the UTK HR office and asked for verification since I was getting several questions about it and no one was familiar with “Staff Senate”.
- It was confirmed that the email was legitimate and that UTK HR is using Smartsheet for the election process.
- Since then I have been asked several times about an email from the same sender, but with the subject You’ve Been Nominated!
- If someone nominates you for Staff Senate, you will receive this email letting you know.
- You will also be given instructions to use the “Open request” button.
- This is also legit, but I still recommend that you right-click the button, choose Copy Hyperlink, and paste the link into your browser’s address bar so you can see exactly where it goes before you open it.
Important Information
- Phishing Simulation Exercises
- Yesterday afternoon an email was sent with the subject Health Awareness.
- This was a phishing simulation exercise conducted by UTK’s OIT Security.
- The email was a replica of the Current Threats I mentioned in my last two newsletters, but with slight adjustments such as the sender’s name and email address.
- OIT Security conducted this exercise because so many people across the UT System had received the previous actual phishing scams and roughly 600 of them had fallen victim causing their NetIDs to become compromised.
- OIT Security included 100% of faculty, staff, and students in this particular phishing simulation, but there are smaller scale simulations that are being done on a regular basis.
- Please do not be offended by these phishing simulations.
- The purpose of a phishing simulation is to expose users to a simulated phishing attempt in a controlled environment.
- A phishing simulation mimics a real-life phishing attempt, but its links and attachments are harmless.
- A phishing simulation is very useful for assessing awareness, so we can see whether there are specific areas where more training is needed.
- A phishing simulation also gets a known attack in front of everyone in a controlled setting, so people can see for themselves what a real attack looks like.
- A phishing simulation is also useful to keep people familiar with reporting phishing attempts.
- A phishing simulation is not about wasting your time or trying to embarrass you; it is about helping us help you stay aware.
- If you were to click on a link in a phishing simulation, no one with whom you work will find out, but you will receive a message letting you know that you had been phished.
- If you report the phishing attempt, you will receive an email thanking you for reporting the phish.
- And please know that the subject and content of this simulation were chosen for no other reason than this is a replica of a real-world phishing attack and the hackers are using real events to trick you into clicking on something based on urgency or fear.
- As always, here are my top tips for dealing with phishing attempts whether they are real or simulated:
- Never click on any link or open any attachment that you are not expecting!
- Notice the sender’s name and email address, particularly if they are implying they are with UT.
- If the sender claims to be associated with UT but the address is a personal email address (Gmail, Yahoo, Outlook.com, and the like), report it as phishing.
- If the email is about UT-related information, check any department name given to be sure it is a real department.
- If the sender is located at UT Chattanooga, for example, they would not send a health alert to employees at a different campus or institute.
- You can always forward the email to me and I will help guide you through the specifics.
- Refer to past newsletters found at Security Awareness Newsletters on the UTIAsecurity site.
- You can also go to the UTIAsecurity Knowledge Base and click on the Fake Health Alerts tag on the left side of the screen. (This tag includes this year’s newsletters and I will be adding this tag to any newsletters with this information from last year.)
- Report the phishing attempt by clicking on the red “Report” button on your Outlook ribbon. (This is the preferred method for reporting, but if you do not have this button, please forward the email to abuse@utk.edu.)
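As an added example (not part of this newsletter or of any UT tool), here is a small Python script that applies the first few tips above mechanically: it reads a raw email, checks whether a display name claiming to be UT is backed by a UT address or by a personal mailbox, checks whether Reply-To goes somewhere else, and compares what each link says with where it actually points. The institutional and personal domain lists and both sample messages are constructed for illustration (the Smartsheet address and link are placeholders, not the real ones); adjust the lists for your own environment.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for illustration; tune both for your own tenant.
INSTITUTIONAL_DOMAINS = {"utk.edu", "tennessee.edu", "utia.tennessee.edu"}
PERSONAL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com",
                    "aol.com", "icloud.com"}
# Display names that imply a UT affiliation.
CLAIMS_UT = re.compile(r"\b(UT|UTK|UTIA|University of Tennessee)\b", re.IGNORECASE)
# Link text that looks like a hostname or URL (so it can be compared to the real href).
SHOWN_HOST = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def _domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _in_domains(host, domains):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_message):
    """Return a list of human-readable red flags found in one raw email."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Tip: look at the sender's name AND address, especially when "UT" is implied.
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = _domain_of(addr)
    if CLAIMS_UT.search(name) and not _in_domains(sender_domain, INSTITUTIONAL_DOMAINS):
        if _in_domains(sender_domain, PERSONAL_DOMAINS):
            findings.append(f"display name claims UT but sender is a personal mailbox: {addr}")
        else:
            findings.append(f"display name claims UT but sender domain is external "
                            f"({sender_domain}); verify out of band")

    # A Reply-To pointing elsewhere is a common way to steer replies to the attacker.
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To goes to a different domain: {reply_to}")

    # Tip: copy the hyperlink and look at it, rather than trusting the button text.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            real_host = (urlparse(href).hostname or "").lower()
            shown = SHOWN_HOST.match(text)
            shown_host = shown.group(1).lower() if shown else ""
            if shown_host and shown_host != real_host:
                findings.append(f"link text shows {shown_host} but points to {real_host}")
            elif not _in_domains(real_host, INSTITUTIONAL_DOMAINS):
                findings.append(f"button/link leaves UT domains: {href}")
    return findings


# Constructed lure, modelled on the "Health Awareness" pattern described above.
LURE = """\
From: "UT Health Alert" <ut.health.notice@gmail.com>
To: staff@utia.tennessee.edu
Subject: Health Awareness
Content-Type: text/html; charset="utf-8"

<html><body><p>Immediate action required for all employees.</p>
<p><a href="http://login-verify.example.net/utk">https://utk.edu/health</a></p>
</body></html>
"""

# Constructed message in the shape of the legitimate Smartsheet nomination email
# (placeholder sender address and link, not the real ones).
NOMINATION = """\
From: "The University of Tennessee, Knoxville via Smartsheet" <no-reply@smartsheet.example>
To: staff@utia.tennessee.edu
Subject: You've Been Nominated!
Content-Type: text/html; charset="utf-8"

<html><body><p>Someone nominated you for Staff Senate.</p>
<p><a href="https://app.smartsheet.example/request/abc123">Open request</a></p>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("lure", LURE), ("nomination", NOMINATION)):
        print(label)
        for flag in triage(sample):
            print("  -", flag)
```

Note that the legitimate-looking nomination email still produces findings: an external sender domain and a link that leaves UT. That is the intended behaviour. The script cannot tell you an external sender is trustworthy; it tells you the message needs out-of-band verification, which is exactly what was done with UTK HR for the Staff Senate email.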
- Duo Change *UPDATE*
- Last week the process for Duo authentication was changed.
- When you use the push notification on your smartphone, you should now see a Duo Verified Push: a three-digit code is shown on your computer screen, and you must type that code into the prompt on your phone. This ties the approval to the login you are actually looking at, so a push you did not start cannot be approved by accident.
- It appears that nearly everything most users log into now uses the verified push, but a few applications did not change over, for different reasons.
- If you get the old push notification, you can proceed as you used to with these, but please let me know about it by sending me what you were logging into and when so I can pass the information on to UTK’s OIT Security.
- Other Critical Duo Information
- As you know, UT uses Duo for multifactor authentication (MFA).
- MFA adds a second check at login, so a stolen or phished password by itself is not enough to get into your account. That is why it blocks so many of the account takeovers that lead to malware and ransomware.
- But like with any added protections, they are only useful if they are used correctly.
- UT IT Policy and UTIA IT Standards basically say that you are to never share your password with anyone at any time for any reason.
- Well, the Duo verification codes are the same.
- If someone emails or calls asking you to approve a Duo request on their behalf, to type a three-digit code they give you into your phone, or to send them any code (the three-digit Verified Push code or the six-digit code from a hardware token), DO NOT DO THIS!
- This code is for your eyes and use only…no one else gets to have it for any reason at all!
- Once someone else gets into your account that way, they can make all the changes they want, including to your password, your direct deposit information, and any other personal information you have on record.
- Always protect your passwords and auth codes the same as you protect the keys to your house!
I appreciate you all so very much for taking the time to read these newsletters. I understand how busy everyone is, but I want to share important information with you so you can stay aware. I get a lot of feedback saying the information is helpful and I truly appreciate that support. I am here for you any time you have any questions or concerns, so please do not hesitate to let me know.
Sandy
Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know that address and I can include it. I do this as a blind copy so student names and addresses will not show up!