Ask Your CISO, Current Threats, Policies and Procedures, Security Awareness Newsletters

This Week’s Cybersecurity News, 05/09/2024

Posted on May 09, 2024Share on

Keyboard with "Cybercrime" in red on one key and hands coming from the key

Good afternoon, everyone.

Today I want to mention two current threats to keep on your radar. I also answer a great question about how to let others know when you are sending an internal Qualtrics survey. I am also including reminders about how to report cybercrime, comply with the AUP, and handle Duo push alerts.

Current Threats

  • Student Job Offers (email) *Please let your students know about this!*
    • These emails occur year-round but are sent more often as semesters end because they are targeting students.
    • The sender varies, but sometimes appears to be a UT employee or student.
    • The subject also varies, but most recently is Student Employment.
    • The message is usually brief but tells you about a part-time job that allows you to work from home for $500 weekly (though this also varies).
    • There is a link to apply, but please DO NOT CLICK.
    • Remember that you should never click any links or attachments that you are not expecting, especially if from a sender you do not know.
    • Clicking the link or attachment may cause the start of malware installation, either at that moment or it may start a process that will run in the background in the future.
    • If you receive one of these emails, please use the instructions at Reporting Phishing Attempts & Other Email Scams to report the email.
    • You can read more about past employment scams by visiting the UTIAsecurity knowledge base.
  • DocuSign Requests (email)
    • I know I mentioned DocuSign last week, but these are showing up more and more these days.
    • These documents may look to be coming from businesses but pay close attention to the name (e.g., “Geeks’Squad” instead of “Geek Squad”).
    • Some of these emails show images that we typically see with a DocuSign request, while others show only a link to view the file.
    • If you receive a request to sign something in DocuSign and you aren’t expecting anything, please call the sender at their known number (not one from the email).
    • If you don’t know the person or don’t do business with the company sending the document to sign, please don’t open it.
    • If the document was sent to your <netid>@utk.edu address, it is most likely not legitimate because UTIA uses only <netid>@tennessee.edu for our DocuSign accounts.
    • If you receive a document to sign via DocuSign, please do not click on the link in the email, but rather log into your account at https://docusign.com using <netid>@tennessee.edu.
    • If you are sending a document to UTIA faculty or staff, please remember to always use the @tennessee.edu address!
    • Also, if you are sending a document to UTIA faculty or staff for signature, be sure you include a description in the “Email Message” under the “Add message” section within DocuSign.
    • If you receive a fake DocuSign email, please use the instructions at Reporting Phishing Attempts & Other Email Scams to report the email.
    • To read more about what to watch for go to DocuSign in the UTIAsecurity knowledge base.

Ask Your CISO

  • “I’m planning to send out a large online survey, and I’m a little rusty on procedure. The last time I sent out an online survey was 2014. It was an email with a brief explanation and a hyperlink to Qualtrics. Obviously, since then people have become much more wary about clicking on links in emails (for good reason!). Do you have any advice as to what I could say or how I could share that link? Possibly including the hyperlink for folks who are more trusting or including a statement with the full Qualtrics link text (but not a live link) for students to copy and paste into their browser?”
    • This are such a great questions, as it shows the person asking understands the possibilities involved from the sender’s perspective, as well as that of the recipients.
    • You want to make sure the email that contains the survey also contains all the things people are looking for when receiving an unexpected email that contains an actionable request.
      • Make sure it looks like it is from you, including the logo you would normally use when you communicate with others at UT.
      • You can keep it brief but include enough information to tell who you are (in relation to the survey), what the survey is about, and maybe why you asked the audience you have chosen to participate.
      • I am so happy that the person is asking about including the full link text for participants to copy and paste into their browsers and I highly recommend this! 😊
      • You can include the hyperlink, as well, and if you include the full link text anyone can hover over the hyperlink and see that they match.
      • Double-check the spelling, grammar, punctuation, formatting, and all the things I tell people to check. (While we all make mistakes, some errors stand out!)
      • And when you are ready to send the survey, mass email, etc., and it isn’t a common thing for you to send, please let me know, if possible, and I can be prepared if people start asking.
      • It certainly doesn’t hurt to send an email to others to notify them of your upcoming survey.
    • And for those who receive surveys and emails that appear to be internal, you can always ask me about it, and I will find out if I don’t know for sure!

Reporting Cybercrime

  • With so much cybercrime going on these days, I want to remind you of what you need to do if you fall victim to a scam.
  • First, please do not feel ashamed as it can happen to anyone.
  • Start taking action right away because reporting is critical.
  • If you have lost money to a scammer, please call your financial institution (bank, credit card company, etc.) immediately.
  • Contact your local FBI field office and report the crime because they need to start investigating as soon as possible.
  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
  • Report fraud to the Federal Trade Commission (FTC).
  • If a scammer has gotten your personal information through a phishing email or it has been stolen in any way, go to IdentityTheft.gov to find out what to do next.
  • Please use Reporting Phishing Attempts & Other Email Scams to forward the email and its Internet headers to OIT Abuse and me, whether you have fallen victim or not.
  • You can contact me either via email, cell phone, or both.
  • I will keep anything you tell me confidential unless I am required to report certain information if Institute data is involved.

Acceptable Use of IT Resources

  • This is a reminder that every person who access, uses, or handles the Institute’s & University’s IT resources is expected to be aware of and compliant with UTIA IT0110 – Acceptable Use of Information Technology Resources Security Plan (AUP).
  • IT assets include but are not limited to all Institute-owned desktops, laptops, servers, devices, telephones, and Institute- and University-owned networks.
  • This plan states that you will NOT give your password to anyone.
  • The plan states that you will NOT ask others for their passwords.
  • The plan states that you will NOT connect devices (i.e., switches, routers, hubs, computer systems, wireless access points) to the network without prior approval.
  • In addition, there are many other things you need to comply with at all times, so please make sure you bookmark this link and review it regularly.

Duo Two-Factor Authentication Reminders

  • If you receive a request for a Duo push (i.e., verify your identity) and you did not initiate it, please do NOT approve it.
  • If you approve a Duo request that you did not initiate, you may be allowing a cybercriminal access to your device, your data, the Institute’s data, etc.
  • If you receive a Duo request that you did not initiate, please click “Deny” and then click “Yes” when asked if it was a suspicious login.
  • This type of crime has happened recently where direct deposit changes have been made because employees approved the push request that they did not initiate.
  • It is also a good idea to not check the “Remember me for 7 days” box, so that you have complete control over what you approve and when you approve it.

Thank you for all the hard work you do to protect the Institute and its data. By asking before clicking on something questionable, you are keeping the Institute’s data, and your own, safe and out of the hands of cybercriminals. Please know that you can ask me anything at any time if you have security questions or concerns. You know I love your questions!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu