Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 03/27/2024

Posted on Mar 27, 2024Share on

Nine envelopes with each in a different color circle

Good afternoon.

This week I want to tell you about a couple of current threats. Both of these have been hitting several mailboxes today.

Current Threats

  • Office 365 Updates (phishing emails)     
    • The sender appears to be with UT Southern <name@utsouthern.edu>, but I can’t find the person in the UT Southern directory.
    • The email looks like it is being sent to different UT employees, one is supposed to be with UTHSC and one is supposed to be with UTM. The UTHSC address is possibly valid, although the person is not associated with any department. There is nothing about the UTM address, including the domain, that is correct.
    • The subject is IMPORTANT UPDATE FOR UNIVERSITY OF TENNESSEE STUDENTS AND STAFF.
    • The content tells you about a renovation on “Servers and Administrative Software” and mentions that you have two different “office 365 logins” with two different school portals.
    • There is a link to “CLICK HERE” that is NOT at all a valid UT link, so please do not click or copy and paste!
    • There are several things that stand out.
      • The wording and punctuation errors are very noticeable.
      • The email uses “office 365”, and what was known as Office 365 is now known as Microsoft 365, but never office 365 (it’s the little things that are noticeable!).
      • The thing that stands out most is that the persons shown in the two emails as the sole recipients are NOT the persons who forwarded the email to me.
      • The message tries to imply this is a UT System update, but why would the sender be from UT Southern, sending to someone at UTHSC or UTM, yet ending up in UTK/UTIA mailboxes through the BCC function (because it is a scam!)?
    • If someone sends you an email like this, please report using the Reporting Phishing Attempts instructions.
    • Signature Request (phishing emails)
      • The sender appears to be your NetID via Signature <Anna@suloasia.com.sg>.
      • The subject is or may be similar to Completed: Review and Sign Today Wednesday-March-2024 16:17 PM.
      • There is a document that looks very much like a DocuSign document, but “DocuSign” is never mentioned anywhere (this is likely to cause you to glance at it and assume it is DocuSign).
      • If you scroll beyond the request for the signature, there is an email thread that really makes no sense.
      • If someone sends you an email like this, please report using the Reporting Phishing Attempts instructions.

    Thanks for everything you do to protect the Institute and its data. I sure hope everyone has a nice long weekend!

    Sandy

    Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

    Sandy Lindsey
    Chief Information Security Officer
    Information Technology Services
    The University of Tennessee
    Institute of Agriculture

     

     

    G061​ McCord Hall
    2640 Morgan Circle Drive
    Knoxville, Tennessee, 37996
    Phone: (865) 974-7292; (865) 806-5224
    sandy@tennessee.edu