This Week’s Cybersecurity News, 11/11/2022


I want to begin by giving a heartfelt thanks for including me as a presenter at the 2022 Tennessee Professional Development Extension Conference in Chattanooga. I enjoyed meeting so many of you face-to-face and seeing some of you that I haven’t seen in so long! And, of course, I always enjoy speaking about how you can protect the Institute, as well as yourself!

This week I want to share with you a couple of current threats. In addition, the security awareness training deadline is approaching, Microsoft has some important updates, and I want to stress the importance of multi-factor authentication.

Current Threats

  • Order for Defender Security Services (phishing email)
    • Subject is: <name> Order ID <#>.
    • The message appears to be from a Gmail address, and the “name” varies; one was from asdfasdfasdf@gmail.com, which is a good clue it is a fake address.
    • The email typically says, “Thank you for purchasing “Defender Security services. Your payment  for order with Order ID <#> was successfully procesed. The charges $599.99 will appear in to your account next 12 hours.”  (notice the errors)
    • The email also contains a phone number to call if you have questions. The number has varied among the ones I have seen, but none of these numbers match any company associated with any kind of service such as this.
    • Please do not call the phone number, as they will ask for information like a credit card so they can “verify” this charge.
    • The email contains an attachment claiming to be an invoice for your purchase, but do not open it, as the attachment likely contains malware of some sort that will begin installing without your knowledge as soon as you click to open it.
    • There is a company named Defender Security Services, but the “S” in Services is capitalized.
    • This company is licensed in NY, NY, and FL, not TN.
    • Their email address uses @defendersecurityinc.com and not @gmail.com.
    • This is definitely NOT associated with Microsoft Defender, which is an anti-malware component of the Microsoft Windows operating system.
    • Should you receive this email, please forward the email and its Internet header using the Reporting Phishing Attempts instructions.

  • Payroll Information (phishing email)
    • Subject is: Payroll Information.
    • The message appears to be from Human Resources <hr@tennessee.edu>.
    • The email says, in part, “I am in the process of verifying and updating all information for employee payroll information.”
    • The email asks that you open the attachment named “Payroll Info” to verify that your information is correct.
    • The email also contains a link to supposedly check your documents.
    • I can definitively verify that the link will take you to a malicious site that is known to steal personal data.
    • I am unable to verify the PDF without opening it, but I can tell you that there will be malware installed on your computer and possibly even the start of ransomware if you open that attachment.
    • While Payroll and HR are closely tied, we do have a Payroll Office that would be more likely to check your information, but I am certain that neither Payroll nor HR would ask individuals to verify their information in this way.
    • And lastly, there is no identifying logo or anything with UT in the email other than the From address, which has been spoofed in this case.
    • Should you receive this email, please forward the email and its Internet header using the Reporting Phishing Attempts instructions.
    • UPDATE: Some employees have just reported getting similar phone calls from someone claiming to be from UT Payroll. I have verified with UT Payroll that they will never initiate such a phone call. Please do NOT give any of your personal information over the phone!
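
The two emails above differ in what their Internet headers reveal, which is why the header is requested along with the forwarded message. The following is an added example, not part of the original newsletter: a small Python triage over constructed headers. The example.* hosts, the sample subject values, the authentication results and the word list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers modelled on the two emails described above; the
# example.* hosts, the subject values and the auth results are made up.
PAYROLL = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=tennessee.edu
From: Human Resources <hr@tennessee.edu>
Subject: Payroll Information

(body omitted)
"""
DEFENDER = """\
Return-Path: <asdfasdfasdf@gmail.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
From: Defender Security services <asdfasdfasdf@gmail.com>
Subject: Jane Doe Order ID 00000

(body omitted)
"""

FREEMAIL = {"gmail.com"}  # assumption: extend with other free webmail domains
BUSINESS_WORDS = re.compile(r"\b(security|services|order|invoice|payroll)\b", re.I)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of header-based warning signs for one message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    # Only trust Authentication-Results stamped by your own mail gateway.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    signs = []
    if return_path and domain(return_path) != domain(from_addr):
        signs.append("return-path-mismatch")   # visible From differs from envelope sender
    if auth.get("dmarc") != "pass":
        signs.append("dmarc-not-pass")         # From domain did not authenticate
    if domain(from_addr) in FREEMAIL and BUSINESS_WORDS.search(f"{name} {msg.get('Subject', '')}"):
        signs.append("business-name-on-freemail")
    return signs

if __name__ == "__main__":
    for label, raw in (("Payroll", PAYROLL), ("Defender", DEFENDER)):
        print(label, triage(raw))
```

A Return-Path mismatch on its own is common for legitimate bulk mail, so treat each sign as a reason to look closer rather than as proof. The Gmail sample passes every authentication check, which is why the sender's address and wording still have to be read by a person.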

Annual Security Awareness Training

  • As you know, we are in the middle of security awareness training at the Institute.
  • The training was assigned on 10/03-10/04, and is due by 5pm CT on 11/30.
  • The first reminders went out on 11/01.
  • Please keep in mind that the second reminders will go out on or around 11/11. These reminders will be sent to individuals, and their Deans, Directors, and/or Department Heads will be copied.
  • This training is required by UTIA IT0123 – Security Awareness, Training, and Education Policy.

Browser, OS, and Software Updates

  • Microsoft
    • Microsoft has released updates to address multiple vulnerabilities in Microsoft software.
    • Exploitation of these vulnerabilities could allow an attacker to obtain sensitive information.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure you reboot right away to ensure all available updates have been applied.

Tips for protecting the Institute’s data and yourself

  • Multi-factor Authentication (MFA)
    • At UT, we are lucky to be protected by the use of Duo’s two-factor authentication for any UT application using Central Authentication Service (CAS), such as SUPER, IRIS, Banner, etc.
    • Duo gives an extra layer of protection by using something you have (i.e., a passcode via token or a push via smartphone), along with something you know (i.e., your password).
    • In addition to something you have and something you know, MFA also includes something you are (i.e., fingerprint, face recognition, voice recognition, etc.).
    • Many online accounts, such as bank, credit card, retailer, and social media accounts, offer the use of MFA to further protect your information.
    • Please look in these account settings to see if MFA is offered.
    • If it is offered, I *highly* recommend turning MFA on.
    • You can often choose how you wish to be authenticated:
      1. One-time use code via authentication app
      2. Email/text/call to get a one-time use code
      3. Touch ID
      4. Face ID
    • If you choose to receive a passcode via an app, which is similar to the way Duo works, please use a verified app such as Google Authenticator.
    • Don’t think of this as a hassle, but rather an identity-saving step!

Thank you for all that you do every day to protect the Institute and its data. Thank you so much for forwarding those questionable emails to me, as well. If you need me you can email or call me at any time. And please share these newsletters with peers, clients, students, friends, and family!

I also want to recognize Veterans Day by thanking all of our faculty, staff, and students who have served in the US military. Your service is so greatly appreciated and I thank you so much for what you have given!

Have a great weekend!

Sandy