This Week’s Cybersecurity News, 10/26/2023

Good afternoon!

Today I want to tell you about some current threats that have been reported over the last couple of days. I also want to share CISA’s three easy tips for strengthening your password.

Current Threats

  • Urgent Requests (spear phishing emails)
    • There have been a couple of these spear phishing emails in the past two days.
    • One appears to be coming from one of our deans, while the other appears to be coming from a county director.
    • Neither From address is what you would expect from these individuals, and both are Gmail addresses.
    • The subject for one is “Emergency”, while the other is “TASK, Thu 26th”.
    • Both use a sense of urgency and the feeling that only *you* are being asked to do something discreet or special.
    • As you know, UT policy requires that emails about work must come from the official UT email address.
    • If you have received these emails or any email like these, please report them using Reporting Phishing Attempts.
    • To find other threats like this, please visit the UTIAsecurity Knowledge Base, then click “Spear Phishing” under Tags on the left side of the page.

  • Overdue Payment (blackmail/phishing email)
    • The sender appears to be using an @utk.tennessee.edu address.
    • The subject is “There is an overdue payment under your name. Please, settle your debts ASAP.”
    • The content is rather lengthy, stating that the email has been “hacked” and a Bitcoin payment is due within 48 hours.
    • This email actually threatens to share your personal videos if you don’t pay, and includes a list of things you should “abstain” from doing.
    • This blackmail-type email is a scam.
    • Please do not pay anything demanded in the email.
    • Please forward the email and its Internet header using Reporting Phishing Attempts.

  • Retirement Benefits (phishing email)
    • Sender is Financial Consult <no-reply[@]vcita.com>
    • Subject is “Retirement Benefit Questions Answered”.
    • The content invites you to a 15-minute call focused on pension and retirement education and planning.
    • Please note that this is in no way affiliated with the University of Tennessee or the State of Tennessee.
    • These kinds of emails are often sent in hopes of collecting your personal and financial information.
    • If you have received any email like this, please report it using Reporting Phishing Attempts.

Strengthening Passwords with Three Simple Tips

  1. Make them long
    • Use at least 16 characters.
    • The longer the password, the stronger the password!
  2. Make them random
    • Use random character strings of upper case, lower case, numbers, and symbols.
    • Use a memorable passphrase and definitely change the spelling to help (e.g., S@ndyL0v3sTh3Y@nk33s!).
  3. Make them unique
    • Use a different password for every account you have.

And you can find more information on passwords at UTIAsecurity Knowledge Base – Passwords.

Thank you for all your questions and comments, as well as the positive feedback. And please know that I am here to help you in any way that I can.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!