Current Non-Threats, Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 08/31/2023

Posted on Aug 31, 2023Share on

faceless man in a suit talking about email

Happy Friday Eve!

In this edition of This Week’s Cybersecurity News, I want to tell you about a current non-threat that may seem to contradict an actual threat from last week. I also want to share a couple of new threats and let you know about a new update that you need to have.

Current Non-Threat

  • Retirement Income Review (email)
    • The sender is Empower <no-reply@sfmc.empowermyretirement.com>.
    • The subject is [yourname], it’s time to schedule your no-cost retirement income review
    • If you remember, last week I told you about (supposed) companies asking you to sign up to discuss your retirement options.
    • Those companies about which I was speaking had no affiliation with UT.
    • This email, however, is tied to RetireReadyTN, which is the State’s retirement program.
    • The email does have a link to click for scheduling your review, but to be safe, I am including this link which I have verified to be legitimate: https://treasury.tn.gov/Retirement/Information-and-Resources/Meet-with-an-Advisor.
    • I know this can be a very confusing thing, but always make sure any company that wants you to schedule a discussion about your finances and/or retirement is actually affiliated with UT!

Current Threats

  • Payment Form (phishing email)
    • The sender appears to be Payment Support <noreply@scaler.com>.
    • The subject is [ACH Form] – Please Sign Block 9 and Return.
    • The message has no content, but does have an attachment that leads you to believe it is an invoice.
    • Please do NOT open the attachment.
    • The attachment almost certainly has malware just waiting to be installed as soon as you click on it.
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions.
  • Payment Information (phishing email)
    • The sender appears to be Dillion Bolin <dbolin@partnerscapitalgrp.com>.
    • The subject is utk.edu _ 9:57 AM – Payment Advise.
    • The content is pretty minimal, but it stands out because there are four different colored bars (two columns and two rows), with the words “Utk Support-Desk” below the bars.
    • Below that there is an F Y I, with a link embedded in a red box that simply states “Keep Current Credentials”.
    • The email’s signature is “Utk” on one line and “Security Team” on the next line (this is obviously not correct).
    • This is not legitimate so please do NOT click the box!
    • If you receive an email like this, or any other suspicious email, please report it using the Reporting Phishing Attempts instructions.

Browser, OS, and Software Updates

  • Firefox
    • Mozilla has released security updates to address vulnerabilities in Firefox.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Since our browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not completely close your browser regularly, you may not have the latest updates.
    • In your Firefox browser, go to Settings (the three lines in the upper right-hand corner) and scroll down to Help.
    • Click on Help, then click on About Firefox.
    • A window will open to show you if your browser is up to date and what version you should have.
    • If you don’t have Firefox 117.0, please restart the browser to get the update.

Thank you all so much for everything you do every single day to protect the Institute and its data. And a special thanks to all those have questions and notify me about potential scams. Please let me know any time you have any questions or concerns when it comes to IT security!

Have a great rest of the week and I hope you enjoy the Labor Day weekend!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu