This Week’s Cybersecurity News, 02/02/2023

Happy Friday Eve!

This week I only have some current threats to tell you about.

Current Threats

  • Assignment (spear phishing)
    • I first notified everyone of this on Monday, when it started, but I want to mention it again.
    • The messages typically look like they come from a supervisor or other member of leadership.
    • When this appears to be coming from one unit, it is usually followed by messages appearing to be from other Institute leadership.
    • The subject is your name.
    • The message is very brief.
    • The message has a sense of urgency.
    • The sender’s reply-to address is almost always from an @gmail.com account.
    • If you reply, you will most likely be asked to go buy gift cards and email the cards’ codes.
    • Do NOT buy gift cards!!!
    • Do NOT reply.
    • The sender asks you to respond via email, but the sender’s email address is NOT the address of the person from whom the message appears to come. In addition, policy states that we must use our UT email address for anything work-related.
    • It looks like the email was sent to just you, but the sender used org charts and has blind copied lots of others!
    • If you are unsure of the email, forward it to me or pick up the phone and call the person who supposedly sent it and ask before doing anything else.
    • Please use Reporting Phishing Attempts to forward the message and its Internet header to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.

  • PayPal Invoice (phishing)
    • The sender has an address with @icloud.com.
    • The subject is Invoice#<…>.
    • The email says that $688.99 is being charged to your account. (The amount may vary.)
    • The charge is for a new IPHONE 14 (note that most people selling Apple products would never write iPhone in all caps).
    • These kinds of emails usually come with a link or attachment that will install malware when you click, but this email has nothing to click.
    • The outcome the sender is hoping for is that you will think you are being charged and will call the number shown.
    • The phone number shown in the email’s content is NOT a number for PayPal.
    • Calling the number will result in the cybercriminal on the other end of the line asking for your personal information, including PayPal and credit card information, so they can “help” you cancel the order.
    • If you receive this email or any similar emails, please report it using the instructions found at Reporting Phishing Attempts.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.
  • Remote Job Possibility (phishing)
    • The subject is ADMINISTRATIVE ASSISTANT REMOTE JOB.
    • The message appears to be from someone within UT, with one being from an address using @uthsc.edu.
    • The contact information, however, is showing someone with a different name and using an address with @gmail.com.
    • The phone number provided has a Los Angeles area code.
    • There is no company information to be found in the email.
    • The content says that you make $400 weekly by assisting some visiting professors with basic admin duties.
    • This is not something to which anyone should respond.
    • There is no job.
    • Scams like this one typically get you to believe that you are hired, then ask for specific personal information. They often ask you for money first, and then the cybercriminal steals that money.
    • If you receive this email or any similar emails, please report it using the instructions found at Reporting Phishing Attempts.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.
    • Please share this with your students, as they are often the true targets of this particular scam!

Thanks for all you do to protect the Institute and its data, including sharing these scams with me. I am here to help you, so please don’t hesitate to let me know if you have questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!
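
The header traits listed under the Assignment item above (replies going to an @gmail.com address rather than the apparent sender, a subject that is just the recipient's name, a very brief message) can be checked mechanically. The following is an added example, not part of the original newsletter or any Institute tooling; the domain `example.edu`, the 40-word cut-off, the indicator names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values, not from the newsletter: adapt to your own mail domains.
ORG_DOMAINS = {"example.edu"}
FREEMAIL_DOMAINS = {"gmail.com"}
MAX_BRIEF_WORDS = 40  # illustrative cut-off for a "very brief" message

def reply_domain(msg):
    """Domain a reply would go to: Reply-To if set, otherwise From."""
    addr = parseaddr(msg.get("Reply-To") or msg.get("From") or "")[1]
    return addr.rpartition("@")[2].lower()

def plain_body(msg):
    """Decoded text of the first text/plain part, or '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode("utf-8", "replace")
    return ""

def assignment_indicators(raw, recipient_name):
    """Return the traits of the 'Assignment' lure found in a raw message."""
    msg = message_from_string(raw)
    hits = []
    dom = reply_domain(msg)
    if dom not in ORG_DOMAINS:
        hits.append("replies-leave-organization")
    if dom in FREEMAIL_DOMAINS:
        hits.append("reply-address-is-freemail")
    if (msg.get("Subject") or "").strip().lower() == recipient_name.lower():
        hits.append("subject-is-recipient-name")
    if 0 < len(plain_body(msg).split()) <= MAX_BRIEF_WORDS:
        hits.append("very-brief-body")
    return hits

# Constructed sample messages (not real mail).
HEADERS = ('From: "Dr. Pat Example" <pat.example@example.edu>\n'
           "To: jordan.sample@example.edu\n")
PHISH = (HEADERS + 'Reply-To: "Dr. Pat Example" <pat.example.office@gmail.com>\n'
         "Subject: Jordan Sample\n\nAre you available? I need a task done urgently.\n")
BENIGN = (HEADERS + "Subject: Agenda for Thursday\n\n"
          + "Please review the agenda items before Thursday. " * 8)

if __name__ == "__main__":
    print(assignment_indicators(PHISH, "Jordan Sample"))
    print(assignment_indicators(BENIGN, "Jordan Sample"))
```

No single indicator is conclusive on its own; a short internal message is normal, so the combination is what matters.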