Cybersecurity Awareness Month is almost over, but in my opinion, we should have Cybersecurity Awareness Day 365 days a year. Don’t worry, though, I won’t email you every single day! 😊

In less than 24 hours I have heard from several people regarding today’s Current Threats. I also thought it may be a good time to give some tips, or reminders, on how to protect the Institute’s data, as well as how to protect yourself. And last week I gave you some resources for reporting cybercrimes, but decided that this information is definitely worth repeating.

Current Threats

• Office 365 account (phishing email)
  • Subject is: Our administrator has begun the process
  • The message begins by saying, “Your office 365 account appears to have two different logins with two different universities’ portals.”
  • The message says that you have 24 hours to address this.
  • There are many things in this email that stand out:
    1. There are errors with words that should be capitalized and words that should not be (e.g. “office 365,” “Failure to Verify,” the subject line, etc.).
    2. There are other noticeable grammatical errors (e.g., “Failure to Verify will result in the close of your account.”).
    3. The supposed verification link has “enrollment management” in it, but UT’s enrollment management has absolutely nothing to do with the administration of Office 365 accounts.
    4. The From address is particularly odd, with “disabled” being in it.
       • So far, all of these emails I have seen appear to be coming from mcrump1.
       • I cannot find this person in our directory at all.
       • If this person was a UTK student at some point, she has no current UT email address, so this is definitely a sign of a spoofed address.
  • Just so you know, Microsoft does allow multiple logins at two or more schools, but they suggest using different browsers or InPrivate/Incognito mode in related web browsers if you do this.
  • Should you receive this email, please forward the email and its Internet header using the Reporting Phishing Attempts instructions.
    

• Job Offers (phishing email)
  • Subject is PART-TIME JOB OFFER FOR STUDENT AND STAFFS.
  • The email appears to be from a UTK student.
  • The email says that students can become a remote personal assistant.
  • The email says you will be paid $450/week for an average of 11 hours worked (that is $40.90/hr).
  • This email does not have a lot of errors that stand out, with the exception of ‘student and staffs’ in the subject.
  • While I am not recommending you ever call a phone number listed in a questionable email, I find it odd that this email contains no verifiable information such as which department or college this is supposedly connected or any contact information (even if it is spoofed and you would never actually use it!).
  • Should you receive this email, please forward the email and its Internet header using the Reporting Phishing Attempts instructions.

Tips for Protecting the Institute’s Data and Yourself

• Confirm that your operating system and apps are getting updated.
• Manage Engine should be doing the updates for you, but if you click on the option to delay the update installation and reboot, go ahead and do those updates even before the date you chose, if at all possible.
• Back up your files regularly and keep in a separate location from your computer.
  • Store your documents in the cloud (i.e. OneDrive or Google Drive) and the provider does the backups for you.
    • The UT contract with these two providers guarantees that your data is encrypted at rest and in transit.
    • The UT contract also says that these providers are certified for storing FERPA, HIPAA, and other sensitive data.
  • You can also use a flash drive to back up your files on your office computer, then lock that flash drive in a safe place at home.
• Don’t email sensitive data to others, but if you absolutely have to, send via https://vault.utk.edu or use the word “encrypt” (without the “ “) in the subject line.
• Don’t click on any links or attachments in emails that you did not expect or ask for.
• Don’t buy gift cards based on an email or text request that looks like it is from your supervisor, co-worker, friend, etc.
• Use multifactor authentication anywhere and everywhere you can, particularly social media, apps that allow you to share files, banking apps, credit card apps, etc.
• Remember phishing emails that include attachments are often the start of a ransomware attack…so please don’t open any attachment until you have confirmed it is legitimate!
• Report those phishing attempts, as it helps keep others from getting hit, too.
• Ask me anytime you question whether an email (or anything else) is legitimate.
• Contact me immediately if you think you have been compromised or breached.

Reporting Cybercrime

If you believe you have been a victim of cybercrime, it is important that you report it as soon as possible. There are several resources for reporting and when you report, you are helping make the Internet safer for everyone.

• UTIA Chief Information Security Officer
  • If your Institute-owned IT asset(s) has been involved, please contact me right away.
  • We are required by the State and our cyber insurance provider to follow certain procedures.
  • Email me (sandy@tennessee.edu) as much information as possible, but do not include sensitive data.
  • Call me at (865) 806-5224, at any time, and I will help you.
• US-CERT.gov
  • www.us-cert.gov
• FTC.gov
  • www.ftc.gov/complaint
  • www.IdentityTheft.gov
• IC3.gov
  • www.ic3.gov
• SSA.gov
  • http://oig.ssa.gov/report-fraud-waste-or-abuse
• Your local law enforcement office

Thank you for everything you do every single day to protect the Institute and its data. I really appreciate you forwarding those questionable emails to me, too. If you need me you can email or call me at any time. And please share these newsletters with peers, clients, students, and family because if they are important to you, they are important to me, as well!

Have a great rest of the week!

Sandy