This Week’s Cybersecurity News, 03/01/2023

Share on

It’s March 1, and the first thing I want to do is welcome Dr. Keith Carver, our new Senior Vice Chancellor and Senior Vice President. This is a great time for the Institute and it is so incredible to have Keith join us.

Today I have a non-threat to tell about. There are also some current threats and I received a great question about QR codes.

Current Non-Threats

  • OIT Survey (email)
    • The subject is Your feedback is more important than ever!  Please complete the Annual OIT Customer Satisfaction Survey.
    • The sender is Vice Chancellor for Information Technology and Digital Innovation <oitutkcio@utk.edu>.
    • The message requests that you take a 10-15 minute survey to assess your satisfaction with UTK OIT’s services.
    • The message has a link for the survey, tiny.utk.edu/oitcustomersurvey.
    • The message tells you that you can choose to enter a drawing for $100 after completing the survey, and this one is actually legit.

Current Threats

  • Voice Phishing (vishing)
    • We are all being inundated with phone calls from unknown people claiming to want to help us with something that we didn’t know we needed.
    • These unsolicited calls are not only an irritating interruption, they are also likely being used to collect personal or business data for the callers’ gain.
    • For instance, a recently reported vishing scheme involved someone calling one of our departments asking about their new Lenovo printer, although it is unclear how the caller knew about the printer.
    • The caller was pushy, wanting to sell them supplies for this new printer, and kept insisting that they would get a great deal.
    • The person who reported this looked up the caller’s phone number, which showed “Private Caller” on Caller ID.
    • The phone number showed as belonging to Datatek Services Inc., so the very perceptive person (thank you!) looked them up on the Better Business Bureau’s website.
    • The BBB showed that others have reported this company as getting you to say “Yes” to something, anything, then claiming you agreed to purchase items you should, but may not, receive in the mail.
    • The company is also reported as sending invoices for past due payments, even if you didn’t truly agree to any purchases.
    • The most important thing to remember is to never, ever say “Yes” to anything the caller asks…even if they ask if your name is <name>.
    • If you feel that the caller is being pushy and trying to get information they shouldn’t have, hang up the phone.
    • If you ask the caller a question and they avoid answering, hang up the phone.
    • If you just get the feeling that something is not right, hang up the phone.
    • Unsolicited phone calls are really no different than unsolicited email and both are better left alone.
    • There is no official way to report vishing calls, so you can always call or email me to let me know about them.
  • OFFICE365 (email)
    • The sender shows to be Cynthia Howell and has an email address with UTHSC.
    • The subject is OFFICE365.
    • The message tells you, “that your Office365 Edu email accounts and password will expire in 24 hours.”
    • There is a link for you to click on to “update your password,” but please DO NOT CLICK!
    • The message is pretty much a mess of font sizes with lots of mistakes and looks quite unprofessional.
    • “Office365” is not written consistently, but it also helps to know that Office 365 is now known as Microsoft 365.
    • The supposed sender was once an employee at UTHSC, but left in June 2022, but there is no reason an employee of UTHSC would be contacting UTIA employees about anything like this.
    • If you receive this email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
  • Arabic Email (email)
    • The sender is althani acts with a Yahoo email address.
    • The subject is in Arabic.
    • The email’s content is in Arabic.
    • This email, when translated, is about a book published by Dar Al Thani showing the pocketing of money by some Qatari officials.
    • The message appears to be political in nature.
    • The message appears to be sent to a variety of people, some are not with UT.
    • The recipients may be from a random mailing list that has been shared or purchased online.
    • If you receive this email, please block the sender by right-clicking in the message preview, scrolling to “Junk,” then selecting “Block Sender.”
    • Please forward the email, along with the Internet header, using these instructions, Reporting Phishing Attempts, to help OIT Exchange administrators block future messages.

Ask Your CISO

  • Can cybercriminals abuse QR codes?
    • As with anything technical, cybercriminals can and will do anything possible to trick victims.
    • While OR codes can make transactions fast and easy, cybercriminals and hackers can misuse them for malicious activity or profit.
    • The FBI has issued reports that cybercriminals have been targeting both physical and digital QR codes.
    • The QR codes themselves cannot be hacked, but the problem is that hackers can create fake codes to replace or cover legitimate codes that send unsuspecting users to a malicious website.
    • QR codes can be looked at, in a way, as a phishing attack.
      1. You are being redirected for malicious intent.
      2. Your personally identifiable information is at risk.
      3. Your financial information is at risk.
      4. You may be infected by malware.
    • So first, make sure you are using an acceptable QR code scanner with built-in security features, as these security features can display the content of the link and check the link against a database of known malicious links.
      1. As with any app, do not download a QR code scanner from a QR code or link in an email.
      2. Download the code scanner app from a known and trusted app store on your phone and choose a scanner app that has lots of downloads and a high rating.
    • Physical codes can be found on places like parking meters, national parks, etc.
    • Before scanning a physical QR code, touch it to make sure there is no sticker placed over the original QR code.
    • If you get a QR code in an unsolicited email, please do NOT scan it, as it is much like clicking a link or opening an attachment.
    • If you scan a QR code and you’re a asked to log in, please do NOT log in using any credentials, as this is not the purpose of a QR code.
    • Many smartphone cameras running the latest OSes will give you a preview of the code’s actual URL as you start to scan it.
    • Pay close attention to the URL to which you are being directed and stop the scan if it looks wrong.
    • And never scan a randomly found QR code.

Thank you so much for all you do to protect the Institute and its data. I am always here to help you, so please don’t hesitate to let me know when you have questions or concerns. And I truly appreciate your feedback!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!