Ask Your CISO, Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 03/20/2024

Posted on Mar 20, 2024Share on

Picture of the word "scam" with a drawn person holding up hand and has a red circle with a line through it.

Good afternoon.

This week I want to tell you about a couple of current threats, one of which is quite active right now. So many times, the threats I hear about come in waves. One week the trend may be fraudulent invoices, while another week the trend may be about remote positions. Either way, I like to let you know when I see or hear about things that are hitting a lot of mailboxes.

I am also sharing a great question for Ask Your CISO. This is something that you may not have really thought about. I greatly appreciate the user asking about it so I can share!

And finally, I have a new form that is available for departments, centers, and units who allow users to check out Institute-owned IT assets.

Current Threats

  • Direct Deposit Requests (phishing emails)    
    • This scam is trending heavily.
    • The senders are using actual UTIA employee names.
    • The email that goes with the “sender’s” name is a Gmail address, so that is a clue the email is not legitimate.
    • Remember that the UTIA AUP states that you will use only the UT-provided email account for all Institute and University business.
    • The subject varies, but most have been PAYROLL ADJUSTMENT REQUEST, Payment, and DD Info.
    • The content is very similar in all of these emails and is asking the recipient what information to send to get their direct deposit changed.
    • The goal is to have the recipient ask for the new banking information and change this for the supposed sender.
    • The banking information would definitely be fraudulent and the real employee would have all their pay moved to another bank that would not be accessible.
    • Please remember that we never deal with this kind of sensitive information via email!
    • If someone sends you an email like this, please report using the Reporting Phishing Attempts instructions.
    • And if you are an employee needing to change your direct deposit information, you must do that yourself through the UT IRISWeb Employee Self-Service portal.
      • Go to https://irisweb.tennessee.edu, logging in with your NetID and password.
      • Go to Employee Self-Service, then look for Direct Deposit under Benefits and Payment.

  • Urgent Requests (spear phishing emails)
    • This kind of emails just won’t stop!
    • The sender appears to be a member of leadership, a supervisor, a co-worker, etc., in name, but the sender’s email address is a Gmail account that usually doesn’t even have anything to do with the sender’s actual name.
    • Remember that the UTIA AUP states that you will use only the UT-provided email account for all Institute and University business.
    • These emails are targeted and the sender hopes you see the name, but won’t notice the actual address.
    • The content is very vague, seems urgent, and asks you to do a discreet favor.
    • The emails instruct you to not call, but simply reply to the email so they will send you more details.
    • These emails are not being sent to just you!
    • The sender uses the blind copy function so it looks like you are the only one being asked to do this “discreet favor,” but the email also went to MANY other people.
    • Please do not reply to the emails, but report them instead using the Reporting Phishing Attempts instructions.

Ask Your CISO

  • I’ve been wondering about all the junk mail I’m getting. Is there any problem with me “unsubscribing” and, when the link opens, typing in my email address? Some sites have “safe opt out” links (that’s what they say), others have my email address already typed in under Unsubscribe, and some require me to type it in. Is that a sort of phishing?
    • This is such an excellent question!
    • First, when you see these emails with the “unsubscribe” link, think about whether or not you have actually signed up for the senders’ emails.
    • Chances are, you did not sign up, but you have been added to their mailing list, anyway.
    • If this is a reputable company and you definitely recall signing up for emails or promotions, you can click the button to unsubscribe and it will take you through their process to be removed. (The reputable companies should be following proper mailing list protocols!)
    • If you don’t recall signing up for emails or you have never heard of the company sending you these emails, please don’t click!
    • Clicking the unsubscribe button in an email that is not legitimate or from a reputable source can actually cause other issues.
      • At best, when you click it may verify that your email is an active account and will cause you to start receiving even more spam!
      • Clicking a link or button could actually begin installing malware on your computer.
    • The best way to deal with these unwanted emails is to report them, then block the sender.
      • Report using the Reporting Phishing Attempts instructions.
      • Block the sender by doing the following:
        • Right-click on the message preview and scroll down to Junk.
        • Hover over Junk, then click Block Sender.
        • You will get a message telling you that the address has been added to your Blocked Senders List and the message has been moved to the Junk folder.

New IT Security Form Available

  • UTIA IT0305F – Information Technology Asset Checkout Form
    • Some departments, centers, or units offer users the ability to check out Institute-owned IT assets for various reasons.
    • This new form will help standardize the processes involved and will allow users the ability to acknowledge their expectations while using these IT assets.
    • Please visit UTIA IT0305F – Information Technology Asset Checkout Form to get the editable version of this form.

Thanks for all you do to protect the Institute and its data. I cannot thank you enough for your questions and forwarding of questionable emails. Your questions and concerns are always extremely valuable to me and they help me do a better job of protecting you all!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu