It has been another busy month and this newsletter shows that. It seems that things have not been letting up when it comes to phishing emails or global threats. As always, I really appreciate the conscientiousness shown by the faculty and staff with the Institute.

Security Tips for March

Junk Email

Like you, I receive an inordinate amount of email that I don’t ask for or want, but sometimes I find something of interest that I will verify before clicking on anything. However, more often than not the emails are unsolicited junk from vendors of whom I have never heard. I often use Block Sender to prevent the senders from filling my mailbox with the “Why haven’t you answered me?” emails.

If you haven’t done this, here is how:

1. Right-click on the message preview and scroll down to Junk.
2. Hover over Junk, then click Block Sender.
3. You will get a message telling you that the address has been added to your Blocked Senders List and the message has been moved to the Junk folder.

But there is another part to this. You get regular messages from quarantine@messaging.microsoft.com showing prevented spam messages. Scroll through that list and look at the sender and the subject. You have three choices:

1. Block Sender – Click this if you didn’t ask for/want the message or other messages from this sender in the future.
2. Release – Click this if you know for sure that the sender is real and that this is going to be a legitimate message. This puts the message back in your inbox.
3. Review – This will open Microsoft 365 Defender in a browser window and will show you mail that has been classified as malware, spam, phishing, or bulk. You can preview the message by clicking the three dots beside “View Message headers.” If this is an email you were expecting, you can click “Release email.”

Keep in mind that even though the messages here are in quarantine, don’t click links in the content. And please, please, please, only release those things you are absolutely positive are legitimate. If you are unsure of anything, just ask me.

Multi-Factor Authentication

• All UTIA faculty and staff are required to use two-factor authentication for logging into any applications using Central Authentication Service (CAS), such as Banner, Canvas, Cayuse, Elements, Faculty Review, K@TE, Lynda.com, MyIRIS, OIT Software Distribution, QuestionPro, SUPER, SUPER 2, and Zoom. 
• UTIA uses Duo either through a token or through your smartphone.
• If you are not using Duo for the apps listed above, please contact me by email.
• In addition to using multi-factor authentication (MFA) for work logins, many other organizations such as banks, health care, credit cards, retail, etc., offer you the opportunity to use MFA when logging into those accounts.
• If you have been given an opportunity to set this up, I highly recommend it.
• Anytime you have to verify your login beyond the use of just a password, the more protected your data is.
• In fact, industry research shows that users who enable MFA are about 99% less likely to have an account compromised.

Current Threats

Phishing Scams

• Strictly Adhere!!!
  • This message went out to quite a number of people yesterday, 03/28.
  • The message says that “office 365 has two different logins with two universities portals.”
  • The message also has a sense of urgency because you are to do something (i.e., log in) within 24 hours and use your same password you would normally use (mentions this twice!).
  • The message even tells you to copy and paste the URL into the browser’s address bar to gain your trust, since malware is not known to load if the address is manually entered.
  • The key here is that the hacker is wanting your Office 365 password.
  • The sender looks to be affiliated with UTK, but I have verified she is not.
    
• Amazon Order Confirmation
  • The email appears to be an invoice for an order for a computer or other high-priced item.
  • The email shows that the order was paid for.
  • The email is from someone with a Gmail address and is almost always sent to you using a made-up and generic Gmail address, but is really linked to your real email address (along with many others).
  • The point is to get you to call the number given so the person on the phone can look into the order and ask for  your credit card number in order to “issue a refund” for something that was not charged to you.

Other Cyber Threats

• Security Updates for Chrome
  • Google has released Chrome version 99.0.4844.84 for Windows, Mac, and Linux.
  • This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
  • Desktop Central should be updating browsers, but if you have been given explicit approval to not get updates immediately due to research processes, please make sure you go get the update now.

Global Cybersecurity Information

Cybersecurity & Infrastructure Security Agency (CISA)

• Most of the information I share with you comes from CISA, which is a part of the Department of Homeland Security.
• CISA leads the Nation’s strategic and unified work with regard to cybersecurity in the following areas: Federal Government; State, Local, Tribal, and Territorial Government; Private Industry; Academia; NGO and Non-Profit; and General Public.
• CISA is dedicated to protecting the Nation’s Critical Infrastructure.

I know that was a lot of information to read, but if you need to go back and refer to it later you can always find it on the UTIAsecurity website, along with all the other newsletters, emails, and important information. Please don’t ever hesitate to contact me when you have any questions or concerns.

Thank you so much for all you do!

Sandy