Good afternoon, everyone.
Today I have a lot of information to share with you, including a trending threat that is affecting email, calendars, and Teams. I also need to discuss the only acceptable ways to report phishing and junk emails now, as well as the purpose for this. In addition, this is still Cybersecurity Awareness Month, so I want to remind you of a couple of important tips for keeping accounts secure.
Tomorrow I am planning to send an email about the new process for IT software purchases and renewals. This will be a systemwide change, as the Governance, Risk, and Compliance Team has been working to find a more efficient way that we can work across the UT System to review these requests.
Current Threat
- Teams Scam
- Scammers are now using Teams for phishing attacks.
- Over the past few months, I have been getting meeting “invites” from unknown individuals, but I keep treating them like those annoying unwanted texts (smishing) and phone calls (vishing). I don’t respond, and I report them as junk or spam.
- Now I am being asked by others about messages that look like a calendar invite, although not always about an event, but are showing up in Teams Activity and on Outlook calendars.
- As you know, calendar invites come through email, but these new “invites” don’t appear to have a matching email.
- The scammer is hoping that you will respond via Teams by clicking on a link or the RSVP option.
- In actuality, there is an email that goes with the invite, but you will have to search for it.
- When you see one of these messages in Teams Activity or on your calendar, please do NOT click anything, including Accept, Decline, or the RSVP button.
- Instead, search your email using the subject or at least keywords from the subject.
- When you find the message, please use the red “Report” button to report as phishing.
- If the red Report button is not working, please do NOT forward to abuse@utk.edu because it will notify the sender.
- And please make sure you are using the latest version of Outlook, which is Microsoft 365. (Please see additional information under the Important Reminder section below.)
- It is important to report this because clicking the Report button removes the email and the calendar event. You can then go to Teams Activity, click the three dots that appear when you hover over the message, then click More Options and Remove.
- If you have questions or concerns about one of these emails, please send me a screenshot of the email invite or the Teams Activity, as this is the one time you don’t want to forward it.
Important Reminder
- Reporting Phishing and Junk Emails
- Reporting phishing emails, as well as junk (spam), is incredibly important.
- When you report these emails, you are helping the appropriate teams know about the email and check into it so the email can be blocked from being sent to new recipients and purged from mailboxes that have already received it.
- Sometimes just a few reports can stop the damage that could potentially be caused by others who weren’t paying attention and clicked on something malicious.
- As you know, UTK’s OIT has made it a lot easier to report phishing and junk emails.
- In the past, you needed to find the Internet header, then copy and paste it into the email you forwarded to OIT Abuse.
- A while back, there was a red Report button added to the Outlook Ribbon, located on the left side near the Reply button.
- This Report button is not available with any version of Outlook other than the latest version, which is Microsoft 365.
- To find out which version of Outlook you are using, click Help at the top of the Ribbon, then click the Help Button and type version in the search box.
- If you are using any version of Outlook other than Microsoft 365, please see that this is updated as soon as possible.
- If you are with the UT College of Veterinary Medicine, the CVM Computer Support group will help you with this.
- If you are with UT Extension or UT AgResearch and Education Centers across the state, your regional IT staff will help you with this.
- If you are located on the Knoxville campus or one of the Knoxville-area locations that gets assistance from UTK’s OIT Desktop Support, please call (865) 974-9900 if you need help.
- If you have been approved to use an older version for a valid reason, then you will have to start reporting phishing and junk email by going to https://outlook.com and signing in to your Microsoft account.
- The red Report button will be on the ribbon.
- And if you are using the appropriate Microsoft 365 version of Outlook and the Report button is grayed out, you must use “New Outlook” and not “Classic Outlook”, and you can change this in the top right corner of the Outlook window.
- Please know that by using the appropriate Report button the entire process is handled in a much quicker and more effective way.
- I have updated Reporting Phishing Attempts & Junk Email on the UTIAsecurity site, so please bookmark this page for easy reference.
Cybersecurity Awareness Month Tips for Keeping Your Accounts Secure
- Passwords
- Please make sure you are using strong passwords.
- Use a passphrase instead of a word to make it even stronger.
- Use a minimum of 12 characters, and be sure to use a combination of upper case, lower case, numbers, and special characters to make the password more complex.
- Remember that the longer and more complex the password is, such as 0ct0b3rIsCyb3rs3curityM0nth!, the less likely it can be cracked.
- Never use the same password for multiple accounts.
- Never use something like a birthdate or pet name because hackers can find out personal information on social media.
- And, while some people say that you don’t need to change your password if it is complex, I still highly recommend changing your passwords at least every year (at a minimum) because if it is ever cracked, the password will almost certainly be sold on the Dark Web for all hackers to access.
- If complex and unique passwords for each account are becoming too difficult to handle, you can consider using a reputable password manager such as KeePass or 1Password.
- Multifactor Authentication (MFA)
- MFA is an extra layer of security that confirms your identity when logging into an account by using a code sent to your phone or generated by an authenticator app.
- This is particularly important because, even if an unauthorized user has your password, they won’t be able to access your account.
- Use MFA whenever possible.
- We are currently using Duo to log into our UT resources, but there are other options for accounts that are not related to UT resources.
- Please use MFA for credit cards, banking, health, etc.
- Just go into the account settings and see if there is an option to turn on MFA or two-factor authentication.
- You can usually choose how to get your code, either by text, email, authenticator app, or face recognition.
- If you choose to use an authenticator app, I highly recommend that you use only Microsoft Authenticator or Google Authenticator and only download them from the Apple App Store or Google Play.
- Please make sure you read any push notification or passcode request you receive!
- If you receive a notification or request you did not initiate, please do NOT approve it, and change your password for that account, just to be safe.
- And never share codes with anyone, as legitimate businesses or organizations would never ask for your code.
Thank you for all you do to protect the Institute and its data, students, employees, clients, and yourself. Please let me know anytime you have any questions or concerns.
Sandy
Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!
