Good afternoon, all.

Today I want to remind you of some recurring threats that just won’t go away. These are randomly reappearing but I want to remind everyone so it is on your minds. I also will begin with a non-threat that you will likely be receiving another email about

Current Non-Threat

• W-2 Statements (email)
  • You likely received an email within the last week regarding W-2 statement distribution and access.
  • The email came from the UT System Office of Payroll, Benefits and Retirement.
  • Since I do post the newsletters on my UTIAsecurity site, I don’t want to give all the specifics, but I do want you to know this is legit.
  • You will soon be receiving detailed information to register for online access to the service provider UT System is contracting with for this.
  • In addition to this online access, you will continue to receive a paper W-2 statement which will be mailed by the end of January.

Current Threats

• Fake Calendar Invites (calendar event)
  • Scammers are continuing to use calendar events for phishing attacks.
    • As a reminder, calendar invites come through email, but these “invites” don’t appear to have a matching email notification.
    • The scammer is hoping you will respond to the calendar invite by clicking on a link or the RSVP option.
    • Microsoft says that an Outlook calendar invite always sends an email notification by default when the invite is created or updated, but the email notification may be redirected or hidden.
    • You should look in your Deleted Items folder in Outlook to find the email notification.
    • When you find the message, please use the red “Report” button to report as phishing.
    • If the red Report button is not working, please do NOT forward to abuse@utk.edu because it will notify the sender.
    • And please make sure you are using the latest version of Outlook, which is Microsoft 365. (Refer to the specifics in This Week’s Cybersecurity News, 10/23/2025.)
    • It is important to report this because when you click the Report button it will remove the email and the calendar event.
  • In your Outlook calendar, right-click on the event.
  • You will see a popup of options from which to choose.
  • Hover over “Delete” at the very bottom of the list.
  • If it was set up as a one-time only calendar event, Delete will show only a trash can, so click Delete.  
  • If it was set up as a recurring event, you will see you an option to choose to delete the occurrence or series. If it does click on “Do Not Send a Response” under series.
  • If you have questions or concerns about one of these emails, please send me a screenshot of the email invite or the Teams Activity, as this is the one time you do not want to forward it.

• Retirement Planning (phishing email)
  • There are emails that continue being sent from various potential retirement consultants.
  • The sender varies greatly.
  • The subject will vary but will likely mention a free retirement consultation.
  • The content will imply the consulting company is associated with UT.
  • The content may contain your job title, department, or other information that would make you think a UT department is involved, but it is not.
  • The content can be obtained from various locations such as the departmental website.
  • The company may or may not be a legitimate retirement consulting company, but they are NOT affiliated in any way with UT’s Office of Payroll, Benefits and Retirement.
  • The motive behind these free “consultations” is to ask you to provide your personal information, including birthdate and Social Security number, which can be used to steal your identity.
  • If you wish to have a legitimate personalized retirement consultation, please visit the  Seminars and Personalized Consultation page of the Retirement Services website, as these are the ONLY UT-affiliated contacts.
  • You can also visit the Retirement Services webpage for How-To Guide for Employees Ready to Retire.
  • You can choose to use a consultant of your own choosing, but please do your research first.
  • And remember that if someone reaches out to you about personal matters instead of your reaching out to them first, it is probably best to completely ignore them.
  • You can also let me know any time you have concerns about emails like these.

I thank each of you for all the work you do and for being so cautious when it comes to potential scams. I really appreciate you protecting the Institute’s data!

Please stay safe and warm these next several days!

Sandy