Ask Your CISO, Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 05/05/2023

Posted on May 05, 2023Share on

Two laptops with arms sticking out to obtain an electronic signature

Happy Friday to everyone!

Today I want to let you know about a DocuSign threat and remind you about the proper way to get to items in DocuSign. I also want to let you know about an email that appears to be from UTK Benefits and an invoice being sent via regular mail that you need to know about. Finally, Ask Your CISO covers information about text message scams.

Current Threats

  • DocuSign (phishing email)
    • I don’t have the specific details, but I want to share this one with you.
    • The sender is not from DocuSign System <dse_na2@docusign.net>, which is the only verifiable address for DocuSign requests.
    • If you receive this email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
    • In addition, the March 30, 2023, newsletter gives you some important recommendations about DocuSign under the Ask Your CISO section.
    • The biggest recommendation I can make is to never click on the links in a DocuSign request email, but instead go to https://docusign.com.
    • Please log in using your <NetID>@tennessee.edu address, then click the Use Company Login button, which will take you to the UT Central Authentication Service login.
    • Here you will use your NetID and password for two-factor authentication and it will take you to your account, where you can find any items to sign in the Action Required folder.
    • By logging into DocuSign directly instead of clicking the links you are doing two very significant things:
      • You are ensuring that the request is legitimate.
      • You are ensuring that anything you sign is saved in your DocuSign history, which is important for future reference.             
    • To read more about DocuSign from my March 22, and March 30, newsletters, please visit the UTIAsecurity Knowledge Base and click on “DocuSign” under Tags on the left side of the page.
  • UTK Benefits (phishing email)
    • The message sender says utk HR <cartagena@acicargo.com).
    • The subject is Employee Benefits Qualification for all utk staff on May 2023
    • The message is set as “High” Importance.
    • There is no content in the message itself.
    • There is an attachment named “Scanned docsPDF.shtml”.
    • Please do not open the attachment!
    • There are a couple of items that really stand out to let me know this is a scam.
    • “utk” should be written as UTK in the context in which it is used.
    • I googled acicargo.com and this is a logistic company, so it doesn’t fit with UTK Benefits.
    • If you receive this email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
  • Domain Listings Invoice (regular mail)
    • While this is not a cybersecurity threat, it is like the Domain Networks Invoice I mentioned in January, so it is worth mentioning again.
    • This time the letter is from Domain Listings.
    • Domain Listings makes it very clear that this subscription is not for the renewal of the domain tennessee.edu (in this case), but it a subscription for Domain Listings to list tennessee.edu in its directory.
    • The letter says that this is not a bill.
    • It also says this is a solicitation and you are under no obligation to pay the $288, unless you accept their offer.
    • I think that if you read the letter closely and all the explanations Domain Listings gives about it being a solicitation and not a bill, it is not illegally defrauding anyone.
    • I do think they are being deceptive, hoping that the recipients will not read very carefully.
    • Please remember that regular mail must be closely deciphered just like email, but at least you don’t have the links and attachments to worry about!

Ask Your CISO

  • Can you address text scams?
    • When you get a text message that doesn’t make a lot of sense as to why you have received it or you don’t know the sender, this is called smishing, or phishing through text messages.
    • Cybercriminals use text messages to do the same things as a phishing email…steal sensitive information.
    • The text message often appears to be from a reputable company (e.g., Verizon, AT&T, Amazon, etc.).
    • The links in these fraudulent text messages usually contain malware that is installed in the background by clicking on the link.
    • The malware may be a keylogger, a virus, ransomware, or other harmful software.
    • If you receive a text message saying that you have been chosen to win a $x gift card, please do not click on the link!
    • Other known fraudulent text messages can look like you have been notified that your bank or credit card account has been compromised, your password must be reset, etc.
    • These messages vary greatly, but please remember that they all have the same purpose and that is to trick you into giving up information.
    • To see some additional examples of smishing covered in previous newsletters, please go to the UTIAsecurity Knowledge Base, then click “Smishing” under Tags on the left side of the page.

I thank you all for letting me know when you have questions about an email’s validity or have questions about anything having to do with cybersecurity. Your sharing of emails and your questions help me to know how I can best help everyone else.

I hope you all have a wonderful weekend!

Sandy

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu