This Week’s Cybersecurity News, 02/22/2024

Happy Friday Eve!

The past two days have gotten a little crazy with spam emails. Today I want to share with you some of the top threats. Please keep in mind that the sender, subject, and content can all change frequently, but the overall emails are typically very similar.

I want to remind you that these newsletters can always be found on the UTIAsecurity website. If you want to reference something you think you read in the past, go to https://utiasecurity.tennessee.edu/knowledge-base/ and click the tags on the left-hand side to see everything that pertains to that subject.

Current Threats

  • Request #1 (spear phishing emails)
    • These emails look to be coming from one of our deans.
    • While the name is showing as the sender, the accompanying email address is barbararemember@gmail.com.
    • The subject is Emergency.
    • The message says, “Do  you have a moment I have a request I want you to handle discreetly. I am going for a meeting now, no calls so just reply my email.”
    • Please keep in mind that these are targeted emails.
    • The sender will find a trusted leader via org charts, websites, social media, etc., then send a message using the blind-copy method so it looks like this trusted leader is choosing to contact only you with this very important task.
    • Always check the sender’s email address before you do anything.
    • Remember that UTIA IT0110 – Acceptable Use of Information Technology Resources states that it is against policy to send work-related emails using a personally-owned account, so even if you don’t know the real person’s Gmail address, they should not send anything using it.
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions, but please remember to include the Internet Header.
    • Refer to https://utiasecurity.tennessee.edu/tag/spear-phishing/ to read about past spear phishing attempts.
  • Request #2 (spear phishing email)
    • Sender appears to be the UTIA Senior Vice Chancellor and Senior Vice President but is using onlineoffice7211@gmail.com.
    • The subject is <Recipient’s Name>.
    • The message says, “Do you have a moment  I have a request now and only have access to mail no call just only Mail. Sent to my mail”
    • Again, this is a targeted email.
    • Again, an Institute leader (or any Institute employee) would not use a Gmail account to send you something like this.
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions, but please remember to include the Internet Header.
    • Refer to https://utiasecurity.tennessee.edu/tag/spear-phishing/ to read about past spear phishing attempts.
  • Fake Subscription Renewals (phishing emails)
    • I have been told of numerous versions of this scam.
    • The latest ones appear to be coming from Geek Squad, McAfee, and Norton.
    • The emails are sent from various addresses, but none are using official emails from known companies.
    • Like UT, I can pretty much guarantee that these known companies do not allow their employees to send official emails from personal accounts.
    • Most of the time, you will see very minor errors in the way a company’s name is written, so pay close attention to that (e.g., Mcafee instead of McAfee).
    • Any phone numbers included in these emails are not official phone numbers and are part of the scam.
    • If you want to call a company like McAfee to verify, use their known phone number from their known website.
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions, but please remember to include the Internet Header.
    • Refer to https://utiasecurity.tennessee.edu/tag/phishing/ for past phishing attempts.
  • Fake Invoices (phishing emails)
    • The sender is not even bothering to mention a company name they are pretending to represent and there is no email signature at the bottom.
    • The sender’s email address is likely a Gmail account.
    • The content is very brief, but has so many errors in formatting, including zero punctuation.
    • The sender is including an attachment of the supposed invoice bill (please do NOT open).
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions, but please remember to include the Internet Header.
    • Refer to https://utiasecurity.tennessee.edu/tag/phishing/ for past phishing attempts.
  • Office 365 Warnings (phishing emails)
    • This one may be a little harder to catch.
    • The supposed senders include a UT student and a UT employee.
    • The subject varies, but includes Your Office 365 school account is at risk!! and Email Maintenance Verification Needed!!
    • The content is the same for both of these subjects, even though the supposed senders differ.
    • The message says that you need to copy and paste the URL given (the link had been removed) and fill in the form.
    • The URL is NOT a valid UT address!
    • These supposed senders even use UT logos at the bottom of the emails, and they seem to match up with what you may expect from each of the real people involved.
    • It was determined that the user accounts had actually been compromised and all activity was immediately stopped and emails were withdrawn from inboxes across the UT System.
    • Thanks to those who reported the email as soon as you got it because it helped the OIT email administrators stop this as soon as they saw the trend.
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions, but please remember to include the Internet Header.
    • Refer to https://utiasecurity.tennessee.edu/tag/phishing/ for past phishing attempts.
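
The sender checks described under Request #1, Request #2, and Fake Subscription Renewals above can be run automatically against a reported message. This is an added example, not part of the original newsletter; the leader names, the internal domain, the free-mail list, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the newsletter): adapt these to your organization.
LEADERS = {"pat example", "robin sample"}      # hypothetical leader names
INTERNAL_DOMAINS = ("tennessee.edu",)          # assumed official mail domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
BRANDS = ("Geek Squad", "McAfee", "Norton")    # brands named in the newsletter


def _is_internal(domain):
    # Accept the domain itself or any subdomain of it.
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def check_sender(raw_message):
    """Return a list of findings for the From header of one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    name = " ".join(display.lower().split())
    findings = []

    # Request #1/#2 pattern: a leader's name shown on an outside address.
    if name in LEADERS and not _is_internal(domain):
        findings.append("leader-name-on-external-address")

    for brand in BRANDS:
        if brand.lower() in name:
            # Renewal-scam pattern: brand name sent from a personal mailbox.
            if domain in FREEMAIL:
                findings.append("brand-from-freemail")
            # Spelling check from the newsletter: "Mcafee" vs "McAfee".
            if brand not in display:
                findings.append("brand-misspelled-case")
    return findings


# Constructed sample messages (only the first address appears in the newsletter).
SAMPLES = {
    "spear": 'From: "Pat Example" <barbararemember@gmail.com>\n'
             "Subject: Emergency\n\nDo you have a moment\n",
    "renewal": "From: Mcafee Billing <constructed.sample@gmail.com>\n"
               "Subject: Renewal\n\nYour subscription\n",
    "legit": 'From: "Pat Example" <pexample@tennessee.edu>\n'
             "Subject: Agenda\n\nSee attached.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A display name is free text chosen by the sender, which is why the check keys on the address domain rather than the name shown.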

Important Reminder (repeat from January!)

  • Please make sure you are reading…and following…the Institute’s AUP!
  • UTIA IT0110 – Acceptable Use of Information Technology Resources defines guidelines for UTIA and its IT assets.
  • Users are required to review the AUP at least annually and to have an understanding of and full compliance with these guidelines (aka rules), which are based on the UT System AUP.
  • Just a few of these rules include:
  1. Users will: Comply with all Institute policies and procedures, as well as all University policies, to ensure confidentiality, integrity, and availability of Institute-owned and any other University-owned IT assets under their control.
  2. Users will: Be responsible for using Institute-owned IT assets and understand the associated backup and retention policies and best practices.
  3. Users will: Use only supported and patched applications and operating systems on Institute-owned devices.
  4. Users will NOT: Share access codes or passwords.
  5. Users will NOT: Use any email account other than the UT-provided email account for conducting Institute and University-wide work-related business. (We still have some people who are using an account other than the UT-provided email account, so please be sure you pass this information along to them right away!)
  6. Users will NOT: Engage in activities that violate Institute policies, plans, or procedures; local, state, or federal law, an Institute or University contractual obligation, or other University policy or rule including but not limited to Human Resources policies and Standards of Conduct for students.
  • These rules are in place to protect the Institute and its data; the University as a whole; and the users.

Thank you all so much for everything you do every single day to protect the Institute and its data. Please continue to let me know about potential scams you are seeing. And please let me know any time you have any questions or concerns when it comes to IT security!

Have a great rest of the week!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!