Security Awareness Newsletters

This Week’s Cybersecurity News, 10/13/2025

Posted on Oct 13, 2025Share on

Good afternoon, everyone.

First of all, Windows 10 End-of Support is here so I am giving one final reminder about it. Also, October is Cybersecurity Awareness Month, so I want to take this opportunity to remind you of things you can do to help protect yourself, your family, your students, your clients, and your employees.

October is also Breast Cancer Awareness Month, so please make a difference by raising awareness and supporting those who are fighting breast cancer…not just this month, but every month! And Gracie, your UTIA Chief Infurmation Security Kitty, wanted me to remind you that it is Black Cat Awareness Month, so please adopt a black cat because they are the best luck!

Important Reminder

  • Windows 10 End-of-Support Is Here
    • Windows 10 is officially reaching end of support tomorrow, October 14, 2025.
    • After tomorrow Microsoft will no longer provide free software updates, technical assistance, or security patches for Windows 10.
    • Without these updates and security patches, your computer will become more vulnerable to all security threats.
    • If you are using a PC, to find which version of Windows you are using, do the following:
      • Go to the Search box on the taskbar (right beside of the Start button) at the bottom of your screen.
      • In the box, type winver and click Enter.
      • A window will then show what version you are running.
    • If you are still running Windows 10, you have to upgrade to Windows 11.
    • If you are with the UT College of Veterinary Medicine, the CVM Support group will help you will this.
    • If you are with UT Extension or UT AgResearch and Education Centers across the state, your regional IT staff will help you with this.
    • If you are located on the Knoxville campus or one of the Knoxville-area locations that gets assistance from the UTK OIT Desktop Support, please call (865) 974-9900 to request help.
    • If you have a computer that is out of warranty, it is likely too old to allow Windows 11 to be installed.
    • Please remember that UTIA UT01xx – System and Services Acquisition Standard states that the Institute has a technology refresh schedule of a maximum of five years for replacing hardware, which is in place due to older systems not being able to be updated and secured properly.

Cybersecurity Awareness Month Tips for Various Scams

  • Phishing
    • We are all pretty familiar with phishing attacks, but it never hurts to mention them again.
    • A phishing attack is when a cybercriminal uses information that looks like it is from a reputable company in an attempt to collect personal information.
    • The email usually contains bad grammar, spelling, and/or formatting.
    • The email may contain links and logos that look legitimate, but when you hover over them, you see something entirely different.
    • Never click on any link in an email that you did not expect or that you feel is the least bit “off”.
    • Use the red “Report” button in the Outlook ribbon to report the phishing attempt.
  • Spear Phishing
    • Spear phishing is when a cybercriminal sends an email that will look like it is coming from someone you know but seems odd.
    • The sender email address has the person’s name, but the actual domain is not a UT address.
    • UTIA’s Acceptable Use of Information Technology Resources Standard (AUP) states that users will not “Use any email account other than the UT-provided email account for conducting Institute and University-wide work-related business.”
    • These spear phishing attempts are very brief and usually say not to call, but to reply only to the email and there is a feeling of urgency.
    • Please do not reply but call the person’s known number or email their known UT email address to ask questions.
    • Use the red “Report” button in the Outlook ribbon to report the phishing attempt.
  • Smishing
    • Smishing is a phishing attack via text messaging (SMS).
    • The scammer will send a text to alert you about a supposed fraudulent activity.
    • There is usually a link for you to click “for more information,” but do not click as they will ask you for personal information like an account, PIN, password, or credit card.
    • Never click on a link in a text message that you did not ask for or expect.
    • Never reply to these text messages.
    • I would normally ask you to file a complaint with the FCC, but their site says, “Due to a partial lapse in federal government funding, starting October 1, 2025, the FCC’s Consumer Complaint Center (CCC) will be unavailable until normal agency operations resume.”
    • However, you can file a complaint with the FBI’s ic3.gov, which handles cybercrime.  
    • Most phone carriers now allow you to Report Junk when you delete a text message.
  • Vishing
    • Vishing is a phishing attack, but over the phone instead of email.
    • If you receive a call from someone claiming to be a vendor, a business, health care, law enforcement, credit card company, bank, etc., that you did not expect or that makes no sense, please hang up.
    • If you get a silent pause when you answer the phone, then hear a blip or a lot of background noise, please hang up.
    • If someone asks a question, please do not use the word “yes”, but ask them a question instead (i.e., Them: “Is this Sandy?” Me: “May I ask who is calling?”).
    • Please don’t trust caller ID because real numbers are often spoofed to look legitimate.
    • Please do not share any personal information over the phone unless you are 100% certain the call is legit, which usually means you initiated it.
    • If you are not certain and really want to know, please tell the person you will have to call back.
    • NEVER call the number they have given you but instead call the known phone number to ask if the call was really from them.
    • Again, I would normally mention the FCC here, but most phone carriers allow you to Block and Report Junk before you delete the call.
  • Tips to remember for any suspicious contact:
    • The Institute, the HelpDesk, nor the University will never ask for your personal information via text, email, etc.
    • Your boss will never ask you to purchase gift cards and email them the codes.
    • Your bank or any other financial institution will never ask for account information, including account number, PIN number, password, etc., via email, phone call or text message that you didn’t initiate.
    • Law enforcement officials will never call and tell you that you owe a fine or that you have a warrant, nor will they demand immediate payment by phone, as they have official notification methods via mail.
    • When in doubt about what you have been asked to provide in any of these situations, initiate your own call to whomever the scammer is portraying and ask them directly.

Thank you for all you do to protect the Institute and its data, students, employees, clients, and yourself. Please let me know anytime you have any questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu

Secret Link