Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 05/30/2024

Posted on May 30, 2024Share on

Four computer screen with different alerts and warnings

Good morning.

Today I want to tell you about a new version of the ongoing hiring scams. I also want you to know how to deal with the increasing number of Microsoft security alert popups that I am hearing about.

Current Threats

  • Hiring (phishing email)
    • The sender appears to be mizrahigilkes[@]gmail.com.
    • The subject is HIRING NOW.
    • For those I know have received the email, there were two messages sent that were the same and within the same minute.
    • The email content is empty for both emails.
    • There was an attachment with the same name, Presentation1 (2), for both.
    • Please do not click on the attachment.
    • Please remind your students with whom you have contact that this kind of email is a scam!
    • If you have received any email like this, please report it using Reporting Phishing Attempts & Other Email Scams.

  • Microsoft Alerts (browser popups)
    • I am hearing about several instances of popups on Windows computers that will tell you that “access to the PC has been blocked for security reasons.”
    • There are multiple popups on the screen mentioning “Windows Support” and “Microsoft Defender”.
    • One popup will tell you not to restart the PC and even warns you that if you do restart you will lose information.
    • Another popup says that Windows locked due to unusual activity and asks you to enter your Microsoft ID and password.
    • In addition to the popup windows, you will hear a voice telling you the same things the popups are telling you.
    • PLEASE DO NOT ENTER ANY INFORMATION!!!
    • It is important to remember that Microsoft will never notify you with a popup window telling you to contact Microsoft Support!
    • While UT uses Microsoft for many things, they do not run our computer support.
    • UT does not use a “Microsoft ID and password,” but we have our own well-known terminology for that user ID.
    • There is a phone number given on at least three of the popup windows, but this number is NOT a UT or Microsoft phone number and does not appear to be a valid phone number at all.
    • Don’t hesitate to contact me if this happens and you have concerns but let me know immediately if you clicked or called!
    • If you get a message like this and you have not clicked or called, please use your keyboard to do a ctrl+alt+delete and click on Task Manager.
    • When Task Manager opens, click on the browser you were using and then click End task.
    • Then completely restart your computer and immediately run a full scan using Windows Defender.
      • Go to the bottom right corner of the system tray (along the bottom of the screen), then click the “^” so you can click on the Windows Security shield.
      • A screen will appear that shows “Security at a glance” and you will see “Virus & threat protection,” so click on that.
      • The screen will now show you the last time a scan was run, as well as the date, time, and type of scan.
      • Click on “Scan options” here.
      • When the screen shows your options, click the button beside of “Full scan” and then click the “Scan now” button.
      • This scan will take longer than the Quick scan, but it will scan every file on the hard drive, instead of a limited selection, and you can continue to work during the scan.
      • If the scan finds threats, please let me know right away if Defender did not clean or contain them.
    • I am not seeing anything conclusive to point to specific sites that may cause these popups to occur, as it is happening to people with different types of responsibilities and in completely different departments or units.
    • I do, however, feel certain that these fake alerts can come from both adware and fake/malicious sites that are created to look like a real site.
    • Keep in mind that when you do a search for a site, the first one listed is not necessarily the best one to choose.
    • It is common for the first search result (or few) to be listed as “sponsored” or “ad” and that means that the result has been paid for in order for it to show up at the top.
    • Hackers are known to do whatever it takes to trick you into clicking on links, including paying for their link to show up first!
    • My best advice is to scroll down the results just a little bit and choose a link that is not listed as “sponsored” or “ad” and I would even go so far as to manually type (or copy and paste) the URL you want to choose.
    • Remember that clicking on links can not only take you where you think you want to go, it will also start certain unwanted actions, such as installing malware!

I certainly appreciate all you do to protect the Institute and its data. You can always let me know when you have any IT security questions or concerns. I am here to help!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu