This Week’s Cybersecurity News, 03/30/2023

Happy Friday Eve.

Today I have a couple of phishing emails to tell you about, one of which appears to be coming from HR, but it is not. I also want to answer a follow-up question about DocuSign, and Apple has some updates you need to make sure you have.

Current Threats

  • Payroll Information (phishing email)
    • The sender is supposedly Human Resources <hr@tennessee.edu>.
    • The subject is Payroll Information.
    • The message begins with, “I am in the process of verifying and updating all employee payroll information.”
    • The message also asks you to open the attached form (but I don’t think there is an actual attachment) and verify your information is correct.
    • The message has a link for you to verify your logins, but do NOT click.
    • The link will NOT take you to anything related to UT’s Payroll or HR departments.
    • The purpose of this email is to trick you into giving your personally identifiable information.
    • If you receive this email, please forward it, along with the Internet header, using these instructions: Reporting Phishing Attempts.
  • Hauling Freights (phishing email)
    • The sender is ATG99-Agency of Lotus Terminals Ltd. <assistant11@alltransportinggroups.com>.
    • The subject is Good afternoon! <first name & middle initial>, we would like to seek an opportunity to provide the transportation services, hauling some of your freights for UNIVERSITY FAMILY PHYSICIANS.
    • The email begins with a repeat of the subject.
    • This is definitely one to block, as opposed to unsubscribing.
      • Right-click in the message preview.
      • Scroll to “Junk” and click on “Block Sender”.
      • Clicking on “Unsubscribe” can often lead to malware being installed without you knowing it!
    • If you receive this email, please forward it, along with the Internet header, using these instructions: Reporting Phishing Attempts.

Ask Your CISO

  • How do I know if the email from DocuSign is actually legit?
    • After last week’s question about DocuSign, I received several more questions about how to know if the email from DocuSign is legitimate if you aren’t expecting something.
    • First, the email should be coming from DocuSign System <dse_na2@docusign.net>.
    • However, since we know that emails can be easily spoofed by cybercriminals, that doesn’t automatically mean the email is legit.
    • Instead of clicking on the link in the email, go directly to https://docusign.com and log in with your <NetID>@tennessee.edu, but do not enter your password yet.
    • Instead, click on “Use Company Login” so that you will use the UT Central Authentication Service to log in with two-factor authentication.
    • As you may remember from last week’s newsletter, you should always log into DocuSign instead of clicking on the email link, as this keeps an accurate history of documents you have signed.
    • If you have a document waiting to be signed, you can click on “Action Required” to see any documents awaiting your signature.
    • And, like last week, I would like to offer another bit of advice.
    • If you are sending documents to be signed, please be sure you include enough information in the email message that is sent to recipients so they will know this is legitimate.
    • Please don’t include sensitive information in the email message, but do include enough telling information so that the recipients who aren’t expecting the message will check DocuSign instead of deleting the message.
    • To use DocuSign for any UTIA documents, you can get started by going to https://utiatechnology.tennessee.edu/docusign/.

Browser, OS, and Software Updates

  • Apple
    • Apple has released security updates for multiple products to address vulnerabilities.
    • Please make sure you have applied all available updates for these products:
      • macOS Ventura 13.3
      • Safari 16.4
      • Studio Display Firmware Update 16.4
      • iOS 15.7.4 and iPadOS 15.7.4
      • tvOS 16.4
      • macOS Big Sur 11.7.5
      • iOS 16.4 and iPadOS 16.4
      • macOS Monterey 12.6.4
      • watchOS 9.4
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.

Thank you so much for everything you do to protect the Institute, as well as its assets and data. I am here to help you, so please don’t hesitate to let me know when you have questions or concerns. I truly appreciate all questions and feedback, and I always appreciate you letting me know what you are seeing.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!