This Week’s Cybersecurity News, 06/14/2023

It’s Wednesday and one day closer to the weekend! But since we are here at work, I want to share some current threats with you. These two threats have picked up steam this week and one of them is a variation of an ongoing phishing attempt. I also have a very important “Ask Your CISO” question, as well as some information about several Microsoft updates that you need to know!

Current Threats

  • Direct Deposit Change (phishing email)
    • Multiple emails are being sent, and at first glance at the sender’s name, each one appears to come from an actual employee.
    • The emails I have seen, however, are all using an address with the @sapo.pt domain, and .pt is used as the country domain code for Portugal.
    • The subject is “Change of Direct Deposit Information”.
    • The message varies, with one being a bit more detailed, but there is a request in each one for help with changing the sender’s direct deposit information.
    • Anyone who needs to change their direct deposit information would surely know that it is done through the self-service portion of the IRIS portal and not through Institute leadership members, which is where these requests have been sent.
    • If you receive this email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
  • Office 365 Account (phishing email)
    • The email is from someone who appears to be a student or “member” in the UTK directory.
    • The subject varies, but a couple of examples include “ACCOUNT CLOSURE” and “We Received A Request from You!”
    • The message says, in part, “We received a request to terminate your office 365 email and this process has begun by our administrator.”
    • The message goes on to say that your office 365 has “two info different logins with two universities portals,” and you have 24 hours to “strictly here and address it.”
    • Please note the errors throughout the short email, particularly the interesting wording.
    • There is a link for you to click, but PLEASE do not click on the link!
    • This is absolutely a scam.
    • One message may have the UT logo at the bottom, but another will not.
    • Please know that UT will not notify you about logins for multiple universities’ Microsoft 365 portals, as UT only manages the portal for UT.
    • If you receive this email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
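
One way a mail administrator could flag the display-name impersonation described in the direct deposit item above, as an added example that is not part of the original newsletter. The employee names and sample messages are constructed, and treating tennessee.edu as the only internal mail domain is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = {"tennessee.edu"}             # assumption: the only internal mail domain
DIRECTORY = {"jane doe", "john smith"}      # constructed employee display names
WATCH_SUBJECTS = ("change of direct deposit",)  # subject reported in the newsletter


def normalize(name):
    """Fold 'Doe, Jane' and 'Jane   Doe' to the same key: 'jane doe'."""
    name = name.strip().strip('"')
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    return " ".join(name.lower().split())


def is_external(addr):
    """True when the address is not in an internal domain or one of its subdomains."""
    domain = addr.rpartition("@")[2].lower()
    return not any(domain == d or domain.endswith("." + d) for d in ORG_DOMAINS)


def check_message(raw):
    """Return a list of findings for one raw message (headers plus body)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    if not is_external(addr):
        return findings  # internal sender: nothing to compare against
    if normalize(display) in DIRECTORY:
        findings.append("employee display name on an external address")
    if any(s in msg.get("Subject", "").lower() for s in WATCH_SUBJECTS):
        findings.append("payroll-change subject from an external sender")
    return findings


# Constructed sample messages (not real mail)
SPOOFED = ("From: Jane Doe <jd.office@sapo.pt>\n"
           "Subject: Change of Direct Deposit Information\n\nI need your help.")
SPOOFED_COMMA = ('From: "Smith, John" <js1978@sapo.pt>\n'
                 "Subject: Quick request\n\nAre you available?")
INTERNAL = ("From: Jane Doe <jdoe@tennessee.edu>\n"
            "Subject: Change of Direct Deposit Information\n\nSee the portal.")

if __name__ == "__main__":
    for sample in (SPOOFED, SPOOFED_COMMA, INTERNAL):
        print(check_message(sample))
```

A finding here is a reason to review the message, not proof of phishing, since employees do sometimes write from personal accounts.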

Ask Your CISO

  • We have been receiving calls from people who have bought items from fake companies that are using our address and phone number. They call here because they haven’t received their item. Is there anything that we can do to remove this problem?
    • The worst part about most cybersecurity scams is that the cybercriminals are so good at disguising themselves that it becomes nearly impossible to find them after they have taken someone’s money and personal information.
    • It is also impossible to prevent someone from impersonating an organization in this way.
    • If someone uses your physical address and phone number, people visiting the fake website won’t recognize the address and phone number if they aren’t familiar with the organization.
    • If you receive a call asking about an “order” and you are told your unit’s/department’s phone number was given as the contact information when you placed the order, be prepared for more calls.
    • Please don’t ask the caller anything specific, but think about the things you are hearing from the caller:
      • Did they say a company name?
      • Did they say they ordered from a website?
      • Did they mention the type of product(s)?
      • Are they local to your area?
    • If you start noticing a commonality, let me know so I can pass any potential information along to UT’s FBI liaison.
    • The only thing I am truly asking you to do is to tell the caller to report the scam, as this may help find the scammers or at least put a stop to this particular scam.
      • The most important place for most victims to report cybercrime is the Internet Crime Complaint Center (IC3) at https://ic3.gov.
      • They should also report to the Better Business Bureau at https://bbb.org/scamtracker.
    • If, as an employee, you believe you have been a victim of cybercrime, it is important that you report it as soon as possible.
      • UTIA Chief Information Security Officer
        • If your Institute-owned IT asset(s) has been involved, please contact me right away.
        • We are required by the State and our cyber insurance provider to follow certain procedures.
        • Email me (sandy@tennessee.edu) as much information as possible, but do not include sensitive data.
        • Call me at (865) 806-5224, at any time, and I will help you. (If I don’t answer, please leave a message!)
      • US-CERT.gov – www.us-cert.gov
      • FTC.gov – www.ftc.gov/complaint, www.IdentityTheft.gov
      • IC3.gov – www.ic3.gov
      • Your local law enforcement office

Browser, OS, and Software Updates

  • Microsoft
    • Microsoft has released updates to address multiple vulnerabilities in most Microsoft software.
    • Exploitation of these vulnerabilities could allow an attacker to obtain sensitive information.
    • In addition, depending on the privileges the actual user has been assigned, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure you reboot right away to ensure all available updates have been applied.

I thank each of you so much for everything you do to protect the Institute and its data. Please let me know any time you have any questions or concerns when it comes to security!

Have a great rest of the week!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!