This Week’s Cybersecurity News, 09/28/2023

Happy Friday Eve, everyone.

This week has been quite busy with lots of phishing emails, so today I want to share with you the most reported ones. Remember that phishing emails appear to be from a well-known source and try to trick you into revealing sensitive information or installing malware, and/or to steal your passwords. I have also included a non-threat to let you know about a name change for a popular social network.

Current Non-Threat

  • Yammer (email)
    • Yammer is a social networking service that is part of Microsoft 365, and is used mainly for private communication within an organization.
    • As we all know, Microsoft has a habit of changing the names of their products, e.g., Office 365 was changed to Microsoft 365.
    • Yammer is being rebranded over the course of 2023, and the new name is Viva Engage.
    • If you have used Yammer, you will receive this email.
    • The sender is Viva Engage <notifications@yammer.com>.
    • The subject is Please log in to Viva Engage.
    • The content states that you already have a Viva Engage account for the University of Tennessee network and gives you a link to sign in.
    • While I am certain the link is legitimate, I recommend that you manually type in yammer.com, then click the “Log in” button.

Current Threats

  • UTK Jobs (phishing)
    • The sender appears to be a current student at UTK.
    • The subject is UTK Job news.
    • The message tells you about a part-time job that takes 2-3 hours a day and pays $550.
    • There are several mistakes and there are some noticeable formatting issues.
    • There is a link to “Apply Here” that takes you to a form that is in no way associated with UTK.
    • Please do not click on the link.
    • Please share this information with all of your students!
    • If you received this email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
  • Two-Factor Authentication Validation (phishing)
    • Sender appears to be from Utk | 2FA Authentication Support, and the email address is not a UT address.
    • Subject is Action Required: 2FA Secure Authentication Revalidation for <NetID> – <current date>.
    • The message contains a QR Code, but please do NOT scan it.
    • The message states that “you are being held responsible to review security update and requirement…” and you have “2 days of the received date” to follow the prompt command.
    • Please note the mistakes, including how “Utk” is written!
    • If you received this email or others like it, please forward, along with the Internet header, using these instructions, Reporting Phishing Attempts.
  • DocuSign (phishing)
    • Several DocuSign scam emails were sent this week from various senders.
    • The real sender address for DocuSign is DocuSign System <dse_na2@docusign.net>.
    • The users who have notified me were quick to realize they weren’t expecting anything to sign.
    • The biggest recommendation I can make is to never click on the links in a DocuSign request email, but instead go to https://docusign.com.
    • Please log in using your <NetID>@tennessee.edu address, then click the Use Company Login button, which will take you to the UT Central Authentication Service login.
    • Once logged in, you will find any items to sign in the Action Required folder.
    • By logging into DocuSign directly instead of clicking the links you are doing two very significant things:
      • You are ensuring that the request is legitimate.
      • You are ensuring that anything you sign is saved in your DocuSign history, which is important for future reference.
    • When sending something for approval to a UTIA employee, always send to the person’s <NetID>@tennessee.edu, as this is the only appropriate address for the UTIA DocuSign licensing.
    • Using the @utk.edu address will not allow the person signing to use their known signature and ID number and will not save the record of the document in their DocuSign account.
    • If you received this kind of email, please forward it, along with the Internet header, using these instructions, Reporting Phishing Attempts.
    • To read more about DocuSign, please visit the UTIAsecurity Knowledge Base and click on “DocuSign” under Tags on the left side of the page.

Thank you for all you do to help protect the Institute and its data. I truly appreciate every question I receive about the validity of emails or anything else related to IT Security. You all are doing a great job of being aware!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!