Hello, all.

This is later in the day for my usual newsletters, but I need to let you all know about a current threat. This email started showing up in so many email boxes after 5:00 pm. That means I needed to let people know ASAP! And thank you to the many people who asked about it because that is always the best way for me to know when something widespread is going on.

Current Threat

Health Advisory (phishing email)

• The email appears to have come from an actual UT employee, but the name and address can vary.
• The subject is Fwd: Action Required: Health Advisory Against Contagious Virus.
• The content of the email first says, “Take Action.”
• The message continues with a forwarded message that appears to be from University of Tennessee <healthservice[@]utk.edu>, which is not a valid address.
• The message says that 16 members of the university community have tested positive for a contagious virus.
• The message contains links for a contact tracing page and a list of affected individuals.
• The message signature shows Dr. Jeffrey Castillo and the department is Public Health and Internal Medicine.
• There is no Dr. Jeffrey Castillo associated with UT or UT Medical Center.
• There is no department at UT named “Public Health and Internal Medicine”.
• Public Health is an academic department and Internal Medicine does not exist at UT.
• If you get this email, please do NOT click on the links.
• Report the phishing attempt.
  • You can forward any suspicious email to me and I will investigate.
  • UTK’s OIT is now saying that you can use the “Report Message” or “Report” button in the Outlook Ribbon to report junk and phishing.
  • Until recently that button only reported to Microsoft, but OIT says it also reports to Abuse now.
  • I still request that you forward suspicious messages to me before you click this button, as this is my number one way to know what current threats are out there and I use that information to inform the Institute.

Important Reminders

IT Security Awareness Training

• If you have been assigned training, this is a reminder to complete that training before the end of the year.
• The IT Security Awareness training is required of all UTIA workforce, which includes student employees, on an annual basis.
• The IT Security Awareness training is part of the 2024-2025 UTK Compliance training, as assigned by UTK HR.
• Assignment and reminder emails will come from the UTK Compliance Committee noreply[@]utk.edu, but I will start sending individual reminders about the IT Security Awareness training this month.,
• As in the past, any user not completing the IT Security Awareness module by the deadline will still lose access to all Institute-owned and University-owned systems until the training has been completed.
• If you have been assigned this training, you can find it by logging into K@TE https://kate.tennessee.edu and it will be listed under “My Active Courses”.
• This newsletter goes out to those on the UTIA distribution list, along with some other specific distribution lists, so it is possible you do not have training assigned, but if you aren’t sure, please send me an email and I will look for you.
• While the deadline has been set for 12/31/2024, I highly recommend that you complete it before then to ensure you get the proper credit due to DASH implementation happening at the first of the year.

Thank you so much for helping me protect the Institute and its data. I appreciate the time and effort everyone puts into making sure we stay safe!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!