This Week’s Cybersecurity News, 04/15/2026


Good afternoon, everyone!

Today I want to let you know about a variety of new spear phishing emails that appear to be from your supervisor, a member of leadership, or a coworker. I also want to answer a fantastic question I received about reporting phishing emails.

Current Threats

  • Many New Fake Emails (spear phishing)
    • In the past couple of days, I have gotten many notifications about spear phishing emails that have been received across the Institute.
    • The sender varies greatly but will impersonate your supervisor, a member of leadership, or a coworker, and the actual address most often uses @gmail.com.
    • The subject varies, but a couple of examples from this week include “Request check-in” and “Could you please provide me with your cell ph #”.
    • These emails are very brief and want you to reply to the email.
    • When you reply to the scammer, it verifies that your email address is real and being monitored regularly.
    • When you reply to the scammer, you will almost certainly receive more emails over time.
    • If you reply, you would most likely be asked to purchase some gift cards and send the card numbers and codes back to the sender, who is pretending to be someone you know and trust.
    • The scammer(s) will check work-related websites and social media to determine who is in charge and will usually choose that person in hopes that trust has already been built with this person.
    • The email looks like it was sent to only you, which helps the recipient feel like they have been trusted to handle something, but the email was sent to many others using the blind copy function.
    • Just because you receive a fake email that appears to be from someone you know, it does not necessarily mean that person’s account has been compromised, but reporting the email will also help determine whether it is an impersonation or a compromise.
    • In fact, yesterday’s emails all used the same @gmail.com address but they had different names associated with the address.
    • If you receive one of these spear phishing emails, please report it using the red Report button found at the upper left corner of the Outlook ribbon (please read the next section of this newsletter!).
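
For mail administrators, the two indicators described above (a trusted internal name on an outside @gmail.com address, and one address reused under several names) can be checked mechanically. This is an added example, not part of the original newsletter; the internal domain, staff names and sample From headers are constructed placeholders.

```python
from collections import defaultdict
from email.utils import parseaddr

# Assumptions (not from the newsletter): the internal domain, the staff
# directory and the sample From headers are all constructed for illustration.
INTERNAL_DOMAIN = "institute.example"
STAFF_NAMES = {"pat morgan", "lee carter", "dana ruiz"}
FREE_MAIL = {"gmail.com"}  # the newsletter names @gmail.com as most common

SAMPLE_FROM_HEADERS = [
    '"Pat Morgan" <office.desk4471@gmail.com>',
    '"Lee Carter" <office.desk4471@gmail.com>',
    '"Dana Ruiz" <druiz@institute.example>',
    '"Newsletter" <news@vendor.example>',
    'Pat  MORGAN <office.desk4471@gmail.com>',
]

def normalize(name):
    """Lower-case and collapse whitespace so 'Pat  MORGAN' matches 'pat morgan'."""
    return " ".join(name.lower().split())

def classify(from_header):
    """Return (display_name, address, verdict) for one From header."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    looks_internal = normalize(name) in STAFF_NAMES
    if looks_internal and domain != INTERNAL_DOMAIN:
        # A staff member's name on an address outside the organization.
        verdict = "impersonation-freemail" if domain in FREE_MAIL else "impersonation-external"
    else:
        verdict = "ok"
    return normalize(name), addr.lower(), verdict

def shared_addresses(from_headers):
    """Addresses used with more than one display name (one sender, many personas)."""
    names_by_addr = defaultdict(set)
    for header in from_headers:
        name, addr, _ = classify(header)
        names_by_addr[addr].add(name)
    return {a: sorted(n) for a, n in names_by_addr.items() if len(n) > 1}

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(classify(header))
    print(shared_addresses(SAMPLE_FROM_HEADERS))
```

A match on either check is a reason to review the message, not proof of phishing, since staff sometimes write from personal accounts.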

Ask Your CISO

  • Why am I reporting a phishing email only to receive an email telling me that email was found to be safe?
    • As you know, I have updated the information found at Reporting Phishing Attempts & Junk Email.
    • This is due to changes made by UTK’s OIT.
    • I have been told to have all users report phishing emails using the red Report button on the upper left corner of the Outlook ribbon.
    • Most people do have that button now, but if you don’t, you can follow the instructions using the link above.
    • Like many new processes, the recent changes to the new reporting system have caused confusion.
    • Some users have let me know their phishing report has been marked as “Clean” or “Safe”, and I have also gotten those same emails when I have reported phishing using the Report button.
    • I can tell you that the things I have reported or have asked you to report as phishing have been investigated by me and I found them to be 99.9% phishing.
    • I have asked why these reported emails are being labeled as clean or safe when I can give numerous reasons why they are truly phishing.
    • I have been told by email administrators that UT’s new reporting system doesn’t always recognize phishing when the report is a new instance.
    • They tell me that over time this will clear up, and they need you to keep reporting so it will clear up sooner.
    • Please don’t stop reporting phishing because your reports are needed to make the new system stronger and more accurate.
    • And please don’t think I am making things up when I ask you to report something.
    • I research the information, the addresses, the links (without clicking!), and other information in the emails.
    • I also make calls if the email appears to be a mass internal email and I try to find out if the email is real.
    • I tend to give all the details as to why I believe an email is phishing or junk because it is my responsibility to help everyone learn what to look for.
    • As a final FYI…when you choose “Report Junk” you will get two popups, one explaining junk email and the other thanking you for reporting.
    • Reporting junk will help to automatically put future emails from that sender in your Junk folder.

I am so grateful to all of you for everything you do to protect the Institute’s data. I am so proud of you for being so cautious and staying security aware. Please let me know any time you have questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!