Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 04/17/2025

Posted on Apr 17, 2025Share on

Image shows icons for the most known social media technologies

Hello, everyone.

This week I want to remind you all about a current threat that seems to pick up steam as the weather gets warmer. I also need to let you know some important information about Vault 2.0.

Current Threat

  • Fraud (social media) *REMINDER*
    • Last year I told you know about a social media scam that has to do with festivals and events.
    • Since the weather is getting warmer, I feel this is a great time to remind everyone about this problem because of the festivals, field days, plant sales, and other events that you want share with others.
    • Social media is a great way to get to word out about these events to friends, friends of friends, and the public in general.
    • The problem is scammers will post about your event claiming to be involved by saying they are accepting vendors for the event and ask you to private message them for more details.
    • When the private messaging begins, they will offer a spot or a booth at the event for a fee.
    • In reality, these scammers are in no way associated with the event and are just looking for easy money by using false information, bad social media accounts, bad emails, and other ways that make the payments untraceable.
    • Here are some reminders to help you:
      • If you are interested in attending or being a vendor at any festival or event, please make sure you look at the “known” sites.
      • You can Google the event name or promoter, but please be careful which search returns you use.
        • You want to visit the sites with the most traffic and those should be listed first.
        • HOWEVER, make sure you look for the word “Sponsored” in bold just above a search result and do NOT click on these.
        • While some returns marked “Sponsored” may be okay, many of them include links that will reroute you to a fake site.
        • These are “Sponsored” because, like companies, hackers will pay to have their sites listed at the top.
    • If you are responsible for maintaining a social media site that posts information about events, please be extra vigilant to keep an eye on all posts to make sure no one is adding false comments/information and delete or hide any post that you deem fraudulent.
    • Most importantly, if someone contacts you out of the blue for something, you should ALWAYS investigate before giving information, especially when it is someone you don’t know.
    • Remember that hackers can find out about your hobbies and interests via social media.
    • The hackers will then use that information to contact you and act like they know all about you.
    • Thank you so much to Michelle Campanis for reminding me about the incident that happened with UT Arboretum last year when a person lost money to a scammer pretending to be with the Butterfly Festival.
    • It is always greatly appreciated when you let me know about things that will help others avoid scams!

Important Information

  • UT Vault 2.0
    • On 04/09/2025, UTK’s Office of Innovative Technologies released the new secure file transfer service, UT Vault 2.0.
    • This service replaced the original UT Vault for securely sending files.
    • The first time I logged in I saw a message that UT Vault 2.0 is not approved for sharing Controlled Unclassified Information (CUI), which is sensitive, unclassified information that the US Government creates or possesses and, while it is not classified, it must still be protected using very specific regulations.
    • I have also found out that UT Vault 2.0 is not approved for sharing files that contain Personal Health Information (PHI), as identified by HIPAA and must be properly secured.
    • I have asked UTK’s Information Security Office if they would add this information to the UT Vault 2.0 site, but I wanted to make sure everyone at the Institute was aware of it as soon as possible.
    • If you have any questions about this, please feel free to let me know.

Thank you so much for all you do to keep the Institute’s data safe. I am always here whenever you have any questions or concerns and I thank you for letting me know about potential threats.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know that address and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu