This Week’s Cybersecurity News, 07/22/2022

Share on

This week a new legitimate survey went to a random group of employees at the University. There are also some known phishing scams appearing in our emails. I always encourage the Institute’s faculty and staff to pass these emails along to family, friends, clients, and anyone else who may benefit from the information in them. I should definitely add students to that list, as well. Students who are not employees do not receive these emails, so I would really appreciate you thinking of them when sharing this information. There may be information in the current threats section each week that would be helpful for them to know.

Current Non-Threats

  • Great Place to Work Trust Index Survey (email)
    • This email is from hello@invite.emprising.com.
    • A random sampling of 5,000 employees across the UT System were sent this email on July 18.
    • If you received the email you are being asked to take part in the Great Place to Work Survey on behalf of UT HR.
    • You are asked not to share the survey link with others, as it is personalized to the email recipient.
    • President Randy Boyd is asking for a high level of completion with this survey, so if you have been selected to complete the survey, please do so by August 1.
    • This survey is not associated with the McLean survey that came out last week. (That, too, was legit, so please complete it.)
    • My understanding is that both McLean and Emprising will now be sending their surveys on a regular basis.
    • I will continue to verify these surveys as I hear about them so that I know each instance is legitimate.
  • Attn State of Tennessee employees: Join now (email) – this is worth repeating since it may be helpful for many employees!
    • This email is from Hinge Health (hello@hingehealth.com).
    • The email has the Partners for Health TN logo, the State of TN logo, and the Hinge Health logo at the top of the message.
    • The email states that you can get help for muscle, back, or joint issues through the Hinge Health program at no additional cost to you.
    • I was able to verify this information by searching for Hinge Health within Partners for Health TN.
    • While the Hinge Health program is for Blue Cross Blue Shield members, there is another program, RecoveryOne, for Cigna members.
    • You can go to https://www.tn.gov/partnersforhealth/health-options/included-benefits-extras/exercise-therapy-programs.html to find out more information about each program, as well as to sign up.

Current Threats

  • State Retirement Help for the University of Tennessee, Knoxville (email)
    • Just like many of our phishing scams, this one keeps hanging on.
    • The greeting is typically, “Employee <lastname>.”
    • The email implies that this program is through UT as it starts out saying, “As an employee of The University of Tennessee, Knoxville, each year you are eligible to receive a complimentary appointment with a licensed representative for answers to your specific state, federal and individual retirement benefit questions.”
    • Near the end of the email it says that representatives are licensed by the State Department of Insurance.
      • This department for the State of Tennessee is actually called “Department of Commerce and Insurance.”
    • UT’s Benefits and Retirement, as well as Payroll, have verified that these emails and services are in no way affiliated with or endorsed by the University of Tennessee.
    • After a little exploring, I have found that other universities in various states have also reported these types of emails as phishing scams.
    • Do not click on any links in these emails.
    • Please use Reporting Phishing Attempts to forward the message and its Internet headers to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.

  • Phishing Attacks Advertising Summer Jobs (email)
    • The sender is often using a gmail address.
    • The supposed available job positions vary, but they all tend to offer at least $350 a week for remote work.
    • The biggest clue that the message is not legitimate is that the email is loaded with the following kinds of errors:
      • Spelling
      • Grammar
      • Punctuation
      • Formatting
    • It’s certainly easy enough to mistype or have autocorrect do something crazy, but these errors are typically throughout the email.
    • Please use Reporting Phishing Attempts to forward the message and its Internet headers to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.

  • Spear Phishing (email)
    • These emails just keep on coming.
    • They are sent to a targeted group of recipients often based on org charts or some kind of departmental structure found on websites or social media.
    • The emails are very short, asking you to contact the sender right away and only by replying to the email.
    • The emails look like they are sent to just one person (you), but they are sent using “Bcc,” which will suppress all the other recipients to look like you are the only person being contacted.
    • If you reply (and please don’t), you will get another message saying that the sender, who most often looks to be your supervisor, needs you to go get some gift cards and they will pay you back after you email them the cards’ codes.
    • No one at UT will/should ask you to purchase gift cards on their behalf to be repaid later.
    • Check the reply to address and you will most often find that it ends in @gmail.com.
    • Please use Reporting Phishing Attempts to forward the message and its Internet headers to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.

Software Updates

  • Chrome
    • Google has released security updates to address vulnerabilities in Chrome.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Since your browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not close your Chrome  browser regularly, you may not have the latest updates.
    • In your browser, go to Settings (the three lines in the upper right-hand corner and scroll down to Help.
    • Click on Help and click on About Google Chrome.
    • A window will open and show you if your browser is up to date and what version you have.
    • If you don’t have version 103.0.5060.134, please restart the browser.

I truly appreciate all you do to protect the Institute and its data. If you need me and I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number at any time. I am always here to help you.

Thanks!

Sandy