This Week’s Cybersecurity News, 07/09/2026

Share on

Good morning, everyone.

Today I have one current threat to share with you. I also need to remind everyone about reporting phishing and using the VPN.

Current Threat

  • ClickFix Vectors
    • Last summer I had talked about some Institute computers that had been compromised by fake CAPTCHA attacks.
    • Well, it is happening again, so I want to remind everyone of these attacks and tell you a little more about them.
    • We have all been on a site that asks us to use the CAPTCHA security challenge that distinguishes humans from bot activity, but you need to know how to identify these fake CAPTCHA challenges.
    • These fake CAPTCHA challenges can be on a real site through ads on the site or some compromised content on the site but are most often found by clicking site links in phishing emails.
    • Through these fake challenges the hacker will trick users into executing malicious code on the users’ own devices and will cause the device to be managed by an attacker-controlled Command and Control (C2) server.
    • The malicious code can steal passwords, cookies, data, etc.
    • If you ever get a CAPTCHA challenge that asks you to press the Windows key + R, then has you press CTRL + V, and Enter, this is a fake CAPTCHA.
    • This fake challenge is actually taking you to Windows Run, where pasting something and pressing enter is going to start the malware install.
    • It is very important to remember to never trust being asked to use the Run dialog (Windows key + R) when you are doing any CAPTCHA challenge.
    • In addition to fake CAPTCHA, ClickFix uses other common attack themes.
    • In addition, these attacks work by luring you with a fake virus alert, broken website error, or other unexpected popup.
    • Like the fake CAPTCHA, hackers will use a fake Cloudfare or reCAPTCHA prompt, which may appear at random times and claim you must run a script in order to prove you are not a robot.
    • Hackers will also use fake system errors, such as a fake Windows Update screen or fake browser errors that demand a quick manual fix.
    • Hackers will also build fake websites offering free tools that will tell you to run a script to fix a missing file during the download.
    • Please do not fall for any of these attacks.
    • Never copy and paste strange commands from popups or error pages.
    • Know that legitimate human-verification checks will never ask you to enter manual system commands.
    • Take a close look at the real web address and remember that fake sites often have slight differences in spelling, such as swapped characters, missing characters, or the use of numbers instead of letters (like “0” instead of “O”).

Important Reminders

  • Reporting Phishing or Junk Emails
    • While the process for reporting phishing or junk emails changed last year, I want to remind everyone of this process.
    • Please go to Reporting Phishing Attempts & Junk Email and bookmark this page for future reference, as details are found here and are updated when necessary.
    • Please know that you can always ask me about any suspicious email before you report it.
    • I am more than happy take a look at it *and* it lets me know if there is a new threat that I need to warn everyone about.
    • I also want to remind everyone that if you report something as phishing, you may still get an email response saying that the email was found to be safe or clean.
    • The new phishing detection system is still “learning” some of the new threats as they come in.
    • The threats that have not been seen or reported before often look very real, but this new system needs these things to be reported by several people before it picks up on the threat.
    • If you do get a message saying the email is found to be safe or clean, you can find it in your deleted folder from the phishing report, so just use “Report Junk” and it will keep that address from sending additional emails to your Inbox.
  • VPN Usage
    • Any time you are working remotely, whether traveling or at home, you are required to use the UT VPN, Ivanti Secure Access Client, to access any UT assets or data.
    • The VPN is establishing a secure connection that creates a tunnel encrypting the Institute’s data when you are not on our secure UT network.
    • If you are traveling and you are told that a secure network is available for you, you must still use the VPN for anything work-related.
    • If you are traveling internationally, be absolutely certain the country you are visiting allows the use of a VPN and if it doesn’t, then do not access any UTIA or UT systems or data.

You all do a great job protecting the Institute and its data, students, employees, clients, and yourself. I truly appreciate it! Please let me know if you ever have any questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!