Current Non-Threats, Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News. 01/13/2023

Posted on Jan 13, 2023Share on

Five people standing in front of a large screen background with a handprint.

This week’s e-newsletter contains information about a couple of current non-threats. It also lets you know about three current threats that have been seen this week. And finally, there are some Adobe updates you should make sure you have.

Current Non-Threats

  • McLean & Company Survey (email)
    • Email is from McLean & Company <survey@mcleanco.com>.
    • Subject is McLean Employee Experience Survey.
    • The content shows various colors of blocks numbered 0 – 10.
    • UT President Randy Boyd is very invested in having McLean & Co do these surveys regularly to gauge the employee satisfaction level with UT as an employer.
    • Last year these quick surveys went out in January, April, July, and October.
    • Additionally, a more personalized survey that took about 15-20 minutes to complete went out in September.
    • I suspect these will continue in 2023, with the same regularity.
  • DASH Transformation Survey (email)
    • Email is from DASH Project <dash@tennessee.edu>.
    • Subject is Coming Soon – DASH Transformation GPD (TGPC) Survey!
    • This message is real if you are one of the ~25 DASH Team participants with UTIA.
    • The email says that the first TCPS survey will be sent out on 01/18/2023.

Current Threats

  • Part-time Job Offer (phishing)
    • Email appears to be from a UT student.
    • The Subject is Personal Assistant Service.
    • The message says that all email recipients are encouraged to be a part of this offer.
    • The message says that you will work from home 2-3 hours per day.
    • The message says that the job pays $400 (it doesn’t say if paid weekly, monthly, ???)
    • Please do NOT click the Apply Here button, as malware may be attached.
    • This is not a real job offer and you will be asked to send money to set up your account.
    • You will not see your money again.
    • PLEASE share this information with all of your students, as they may not know this is a scam without someone telling them!
    • Please report the email using the instructions found at Reporting Phishing Attempts.
  • Norton Invoice (phishing email)
    • The sender appears to be Norton Support, but the email address is service@paypal.com.
    • The subject is Invoice from Norton Support.
    • The email says that  $699.00 is due on receipt. (The amount may vary.)
    • There is a button to allow you to view and pay the invoice, but do NOT click.
    • There is a note that this is a Norton 360 Premium subscription and will “renew successful” with the $699 being debited from your PayPal account.
    • The footer is likely a copy of a legitimate PayPal footer and shows the actual address of PayPal in San Jose, CA.
    • The phone number shown in the email’s content is NOT a number for the PayPal service team, but appears to be a mobile number for a person in Hawaii.
    • If you receive this email or any similar emails, please report it using the instructions found at Reporting Phishing Attempts.
  • Spear Phishing Attempts (email)
    • The sender claims to be your boss or someone in a leadership position, but the return address is most often a gmail account.
    • The subject varies greatly.
    • The email is quick and vague.
    • The email instructs you to reply to the email and will usually say that the “sender” is unavailable to take your call.
    • The “sender” may ask for your cell phone number so they can text instructions to you.
    • Key takeaways:
      • Policy says that we do not use personal email accounts for UT business.
      • The grammar and/or formatting is often messy and not what you would expect from leadership.
    • If you get one of these messages, know that you are not being singled out because of trust, you are one of many receiving the same message thanks to blind copies.
    • Even if the message gives specific instructions, please ignore them and either call or email the person supposedly sending the email, but do not reply to the email and use only known email addresses and phone numbers!
    • The motive for these emails is to get you to buy gift cards and send the codes via email to the cybercriminal and you will lose the money you spent.
    • Please report the email using the instructions found at Reporting Phishing Attempts.

Browser, OS, and Software Updates

  • Adobe
    • Adobe has released security updates to address vulnerabilities in multiple products.
    • Exploitation of these vulnerabilities could allow an attacker to take control of an affected device.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure your reboot right away to ensure all available updates have been applied.

Thanks for all you do to protect the Institute and its data. I am here to help you, so don’t hesitate to let me know if you have questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu