This Week’s Cybersecurity News, 02/09/2023

Happy Friday Eve!

I have some current threats to discuss today. I am also including the information you need to know for reporting cybercrime. Remember that if someone is trying to trick you into giving your personal information, data, money, etc., it is happening to others, as well. Reporting a scam or an unwanted call goes a long way in trying to protect everyone.

I am also excited to start a new topic called “Ask Your CISO” and we can see how this goes. If you have a security question, let me know! Sometimes I may mention something using security-speak that doesn’t make sense, so if I do that, I’m sorry, but I am happy to better explain it. And maybe you hear something related to cybersecurity in the news or on social media and you want to know more. I am happy to help with that, too.

I appreciate anything you want me to better convey in these newsletters. I am here for you and with you, and I want to make security easy to understand. So all you have to do is “Ask Your CISO” and I will do my best. And thank you Dr. K for giving me the inspiration to try this.

Current Threats

  • Remote Job Possibility (phishing)
    • This is very similar to last week’s remote job threat.
    • The subject is PART TIME BITCOIN REMOTE JOB.
    • The message appears to be from someone within UT, this time using @utm.edu.
    • If you try to block this sender you can’t because the email address “appears” to be a UT address, but has been spoofed (see below for information on spoofing).
    • The contact information, however, is showing someone with a different name and using an address with @gmail.com.
    • This email has no phone number.
    • There is no company information to be found in the email (infocareers2022 is not a company).
    • The message is clear that you are to use an alternative email address, not your work or school address.
    • The message says that individuals are needed who can VISIT at least one BITCOIN ATM every week for a survey.
    • The message says that you make $350 for each task performed, with a maximum of three tasks per week.
    • This is not something to which anyone should respond.
    • There is no job.
    • If you receive this email or any similar emails, please report it using the instructions found at Reporting Phishing Attempts.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.
    • Please share this with your students, as they are often the true targets of this type of scam!
    • In addition, please be very wary of anything having to do with cryptocurrency, as the FBI warns the public that cryptocurrency scams are still on the rise.
  • Assignment (spear phishing)
    • This is still continuing, but appearing to come from different people.
    • The messages typically look like they come from a supervisor or other member of leadership.
    • The subject is varied.
    • The message is usually very brief and vague.
    • The message has a sense of urgency.
    • The sender’s reply-to address is almost always from an @gmail.com account.
    • If you reply, you will most likely be asked to go buy gift cards and email the cards’ codes.
    • Do NOT buy gift cards!!!
    • Do NOT reply.
    • The sender is asking you to respond back via email, but the sender’s email address is NOT the address of the person from whom the message appears to be coming, plus UTIA’s policy states that we must use our UT email address for anything work-related.
    • It looks like the email was sent to just you, but the sender used org charts and has blind copied lots of others!
    • If you are unsure of the email, forward it to me or pick up the phone and call the person who supposedly sent it and ask before doing anything else.
    • Please use Reporting Phishing Attempts to forward the message and its Internet header to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.

Ask Your CISO

  • What Is Spoofing?
    • When a hacker pretends to be someone they are not in order to deceive their victims, they are using a tactic known as spoofing.
    • The hacker wants to gain your trust, so they use names, email addresses, phone numbers, etc., of someone you actually know.
    • Spoofing is often used in spear phishing (email), vishing (voice mail), and smishing (SMS text messaging).
    • Spoofing can be done in many ways, but the most used methods we see are:
      1. Spoofed emails
        • An attacker appears to be a known contact by altering the “From” field to match a trusted contact.
        • The trusted contact’s account is not hacked because the hacker makes the email only appear to come from the sender.
        • The hacker uses a Simple Mail Transfer Protocol (SMTP) server and an email platform such as Outlook or Gmail.
        • The hacker changes fields within the message header, such as the FROM, REPLY-TO, and RETURN-PATH fields, so the email recipient doesn’t see the true path.
        • I hope this information helps you understand why it is so important to include the header when reporting the phishing email.
      2. Spoofed phone numbers (Caller ID spoofing)
        • First, please let me make it clear that the FCC prohibits the use of inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value…and illegal spoofing can carry penalties of up to $10,000 for each violation.
        • Voice over Internet Protocol (VoIP) has made spoofing phone numbers a common thing.
        • VoIP is basically a phone service delivered via the Internet and allows the user to set up their display number as a part of the configuration page on the provider’s web interface.
        • In addition, the caller’s name can be configured as part of the settings, which explains why you may get a call from a UT number along with “University of Tennessee” in the Caller ID when it is actually someone in another state trying to sell you something or steal your information.
        • In addition, some spoofing services allow customers to pay upfront for a PIN for placing calls. After dialing the number provided by the service, they enter their PIN, enter their outgoing call number, then enter the number they want to appear as their caller ID.
      3. IP spoofing
        • IP spoofing is a method that hackers will use to create Internet Protocol (IP) packets with a fake source IP address to impersonate another computer on the network.
        • It is sometimes done as easily as changing your computer’s network settings, although it is typically a bit more involved.
        • Since this type of spoofing is often done at the network layer, it is often difficult to trace.
      4. Website spoofing
        • Hackers will create a website that closely resembles a trusted brand in order to trick users into thinking the site is real.
        • The URL may be almost identical, but may use a “0” instead of an “o” or “O,” for example.
        • When you see the link in an email or on another site it can look so much like the official site, you may not notice and will click on it.
        • Clicking on a spoofed website can cause numerous problems, such as the cybercriminal stealing your personal information or actually starting the process of installing malware, including ransomware.
    • While all of these methods are deceitful, they may not necessarily be considered illegal unless there is “the intent to defraud, cause harm, or wrongly obtain anything of value.”
    • The FCC states that intent to harm is hard to prove, and legitimate businesses can’t be accused of having the intent to harm.
    • I still recommend that if you are getting spoofed emails and calls from spoofed numbers, it is in everyone’s best interest to report it.
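
For readers who handle the reported messages: the spoofed-email item above says the FROM, REPLY-TO, and RETURN-PATH fields are what get changed, and the reporting instructions stress including the Internet headers. The following is an added example, not part of the original newsletter, showing what a header check looks like. The sample message is constructed; `university.example` and `freemail.example` stand in for the @utm.edu and @gmail.com addresses described above, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email), modeled on the traits listed above.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
\tby mx.university.example; Thu, 9 Feb 2023 09:14:02 -0500
From: "Supervisor Name" <supervisor@university.example>
Reply-To: contact@freemail.example
Subject: PART TIME BITCOIN REMOTE JOB

Kindly reply from an alternative email address.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_mismatches(raw_message):
    """List the headers whose domain differs from the visible From domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    return findings

def received_ips(raw_message):
    """Collect bracketed IPv4 addresses from Received headers, newest hop first.
    Only hops recorded by your own mail servers can be trusted; older ones
    may have been written by the sender."""
    msg = message_from_string(raw_message)
    ips = []
    for hop in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    return ips

if __name__ == "__main__":
    for finding in header_mismatches(SAMPLE):
        print(finding)
    print("Sending IPs seen:", received_ips(SAMPLE))
```

A mismatch is a reason for a closer look rather than proof of spoofing, since bulk-mail services legitimately use a different Return-Path. None of these fields survive when a message is forwarded without its headers.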

Reporting Cybercrime

If you believe you have been a victim of cybercrime, it is important that you report it as soon as possible. There are several resources for reporting and when you report, you are helping make the Internet safer for everyone.

Thank you so much for all you do to protect the Institute and its data, including sharing these scams with me. I am here to help you, so please don’t hesitate to let me know if you have questions or concerns. And don’t forget to “Ask Your CISO” when something is on your mind!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!