This Week’s Cybersecurity News, 08/29/2024

Hello, everyone.

This is another busy week for scams that are going to faculty and staff but are mostly targeting students. Again, I beg you to share these newsletters with all your students, not just the ones who are working here. Students are targeted heavily, especially this time of year, and they don’t get regular information about threats like employees get.

I have included some important reminders about browser security, Docusign requests, and spear phishing attempts. I also have a question for Ask Your CISO this week.

Current Threats

  • More Email Termination Threats (phishing emails)
    • The sender may vary but appears to be someone with an @vols.utk.edu email address.
    • We keep seeing these and the subject changes, but this week’s subjects are IMPORTANT UPDATE FOR ALL STUDENT AND STAFF OF THE UNIVERSITY OF TENNESSEE, UTK UPDATE, and NOTICE.
    • The emails are going to UT faculty, staff, and students.
    • The current messages say, “We received a request to terminate your office 365 email, and this process has begun by our administrator. If you did not authorize this action and you have no knowledge of it, you are advised to verify your account.”
    • There is a link for “CLICK HERE TO APPLY NOW” but please do not click and please do not copy and paste the URL in a browser.
    • It also says that failure to verify will result in “account disablement,” which is an unusual way of saying deactivated, but your account will not be deactivated nor disabled because this is not at all legitimate!
    • The messages do not include anything about any department the supposed sender is with, nor do they have any identifiable information you would expect from UT.
    • There are several noticeable errors in this very short email.
    • Please note that UT will not use student email addresses to send such emails, nor will they leave out important department or university identifying information.
    • The emails appear to have been sent using compromised accounts.
    • If you have received an email like this, please report it using Reporting Phishing Attempts & Other Email Scams.
    • Please make sure that you share this information with all your students, not just student employees!
  • More Student Opportunities (phishing emails)
    • The sender varies but appears to be someone with an @vols.utk.edu email address.
    • This time the subject is UTK.
    • The email is addressed to “Faculty/Personal/Student/Alumni” and mentions that there are job opportunities for eligible students and staff.
    • The message says that there is a position available for a Personal Assistant.
    • The message adds that the position will be home-based and that you can work from anywhere.
    • The message also says that the pay is $650 weekly for working an average of 8 hours.
    • This message has a link to click but please do NOT click it.
    • Notice the email for submitting resumes is an @gmail.com address.
    • This is not at all legitimate!
    • Please note that UT will not use student email addresses to send such emails.
    • Also, UT will not send this kind of email.
    • There is a reference at the very bottom for “Job Placement & Student Services”, but this is not an actual department at UT.
    • The emails appear to have been sent using compromised accounts.
    • If you have received an email like this, please report it using Reporting Phishing Attempts & Other Email Scams.
    • Please make sure that you share this information with all your students, not just student employees!

Important Reminders

  • UTIA has been managing browser configurations for the past several years.
    • We manage the approved browsers (Edge, Firefox, Chrome, and Safari) so we can help protect you and the Institute from issues caused by browsers by setting these configurations for you:
      • Block pop-ups,
      • Block plugins and phishing sites,
      • Set browsers to NOT store passwords,
      • Disable third-party cookies, and
      • Turn off tracking.
    • Keeping your browsers secure means we don’t allow many third-party sites that fall into the above items unless there is a legitimate need.
    • This time of year, in particular, I notice that we may have to update sites on our allow list.
    • I also know that some apps, like Canvas, add new third-party functionality, like Packback, but we aren’t notified until a user cannot get to it.
    • If you cannot get to something like this, please send me an email telling me what you need to access, why it is needed, and the URL it is using.
    • I can review the site, then approve it to be added to the allow list.
    • If this is a site you have been able to get to before, but suddenly and inexplicably you can’t, please let me know about that, too, because necessary browser updates may cause unexpected changes.
    • It is also possible that the third party may have made some changes to the app or the URL that you need to know about.
    • To learn more about the specific settings, you can read Recommended Secure Browser Settings in the UTIAsecurity site’s knowledge base.
    • Please feel free to use these settings on your personal devices and even share them with friends and family since these are not set by default!
  • Docusign Requests
    • Please remember when you receive an email that appears to be from Docusign, do not click on the link in the request.
    • While the Docusign logo may look right, it doesn’t guarantee that the document is legitimate.
    • First, ask yourself if the sender and the document make sense for you to receive.
    • If you aren’t expecting something from someone you know or do business with, then pick up the phone and call the known number (not the one in the email!) and ask if they sent it.
    • Again, don’t click on the link, but go to docusign.com and log in directly.
    • Also, remember that the UTIA licensing with Docusign is through UTSA, so this is one case where our licensing requires that we use @tennessee.edu for our single sign-on (this is because UTK does not use Docusign!).
  • Spear Phishing Attempts
    • With so many new employees and new students onboard, now is a good time to tell and remind everyone about spear phishing attempts.
    • If you get an email that appears to be from your supervisor, co-worker, a department head, a dean, a director, or even our Senior Vice Chancellor & Senior Vice President that is very short and asks you to email them for a quick favor or request, please don’t reply.
    • First, check the email address of the sender and make sure it is the appropriate UT email address.
    • If it is coming from an outside address, it is not going to be real.
    • These emails are not being sent to just you, but the blind copy function is being used to send the same message to MANY people in hopes even a few will respond.
    • If you were to respond, but please don’t, you would be asked to go purchase gift cards (usually totaling ~$1,000), and the sender will say that they will pay you back after you email them the codes on the back of each card.
    • This is a SCAM!
    • No one at UT should ever ask you to go purchase gift cards and promise to pay you back later.
    • There are appropriate processes for gifts to be purchased and this is not one of them!

Ask Your CISO

  • How secure is communication on my phone if I’m in a public place and NOT using wi-fi?
    • If you are using the cellular network, it is by far more secure than using WiFi, even in a public place.
    • The cellular networks use encryption, whereas WiFi networks don’t always use encryption, especially the WiFi hotspots at public locations.
    • You can also turn on the phone’s private key functionality that creates a code that only the intended recipient can decipher.
    • It is still possible to hack any internet connection, but cellular networks are preferred because they are so much more secure.

Thank you all for everything you do every single day to protect the Institute and its data. Thank you so much for your questions and your concerns about security. Please don’t hesitate to contact me at any time if you have any questions or concerns. I am always here to help you!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!