This Week’s Cybersecurity News, 02/06/2024

Share on

Good morning!

Today I want to tell you about a couple of current threats. The first one seemed to hit a lot of mailboxes at or after 5:00pm yesterday.

Current Threats

  • Pay Dates (phishing emails)
    • These emails show they are from University of Tennessee, but in the gray box that says “You don’t often get email from…” notice that the address is <YourNetID>@bu.edu.
    • “bu.edu” is the domain for Boston University.
    • The subject is Updated Pay Dates.
    • The message says that your pay dates have changed and that you should “refer to calendar.”
    • There is a link to click, but please don’t click it because it appears to take you to an eCommerce marketing platform and may possibly start the installation of malware.
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions.

  • Urgent Assistance (spear phishing email)
    • The sender appears to be one of our department heads, however, the accompanying email address has *nothing* to do with the department head and is a Gmail address.
    • There is no subject.
    • The message is very short and says that they “need your assistance urgently.”
    • There is nothing else to go on, so the sender is hoping you will reply to the message and they will then get to you go buy gift cards.
    • Please do not respond, as there is nothing legitimate about this.
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions.
    • If you would like a refresher on spear phishing, you can see many of the past threats we have encountered by going to https://utiasecurity.tennessee.edu/tag/spear-phishing/.

Thank you all so much for everything you do every single day to protect the Institute and its data. Please continue to let me know about potential scams you are seeing. And please let me know any time you have any questions or concerns when it comes to IT security!

Have a great rest of the week!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!