This Week’s Cybersecurity News, 11/20/2024

Hello, everyone.

I have an update regarding the official change for reporting phishing attempts and junk email. I want to let you know about a current non-threat that will affect some of you. I want to continue sharing tips for staying cybersafe this holiday season. And I want to remind everyone *again* that you need to complete your IT Security Awareness Training if you haven’t already done so.

Reporting Phishing Attempts & Junk Email  ***UPDATE***

  • Last week UTK’s Office of Innovative Technologies (OIT) officially announced the new way to report phishing attempts and junk (spam) emails.
  • OIT had asked that you use the new built-in button in Outlook for reporting.
    • Please use the “Report” button with the red shield and exclamation point that is in the Outlook ribbon.
    • Note: I found that the Report button should also be available in the dropdown menu when you right-click on the email message preview.
    • When you click the down arrow below “Report,” you will see the option to choose “Report Phishing” or “Report Junk.”
    • Please do NOT use the “Report Message” button on the right side of the Outlook ribbon, as this button will soon be going away.
  • I immediately started hearing that some users did not have the red “Report” button.
  • Another user said the “Report Message” button was grayed out, as well.
  • I started asking UTK’s security team about this and got a response this week.
  • It seems this button was made available in Microsoft 365.
  • They told me that they are in need of troubleshooting other supported versions of Outlook, which would include Outlook in Office 2021.
  • I thank everyone for letting me know you had trouble because this has helped UTK take a closer look at things being supported and what may need to come off the supported list of software through OIT.
  • Please note that if you are using a UTK Gmail account, you won’t have access to the “Report” button, but you can forward the email to abuse@utk.edu (this is to be used by UTK Gmail accounts only).
  • In addition, if you are using Outlook and do not have the “Report” button at this time, UTK says that you should continue to report by forwarding the email to abuse@utk.edu.
  • And you can always forward anything to me when you have any kind of questions or concerns.
  • Sorry for any confusion, but I do appreciate you letting me know about the issues!

Current Non-Threat

  • Payroll Change (email)
    • The email comes from an actual UT employee with Payroll, Benefits & Retirement.
    • The subject is Credit union deduction.
    • The message tells about a change to direct deposits due to the transition to the new DASH system.
    • The message says you can email the person who sent the message or email payroll[@]tennessee.edu to stop your current credit union deduction.
    • The message also gives you a link to make a change to your direct deposit information, but you can also make this change by going directly through My IRIS Web and looking for Direct Deposit.
    • The message directs you to update your data prior to the DASH go-live date, but please remember that you should do this by 12/13/2024 to make sure the data is correct before the holiday break.
    • While the email did appear to be legitimate and the links, addresses, and phone numbers matched what is expected, I decided to call Payroll just to be safe.
    • It was quickly confirmed that the email is legitimate.
    • I don’t think that everyone should expect to receive this email, but if you do, it is real.
    • If you still feel leery about it, you can forward it to me or call (865) 974-9977 or (865) 974-5251.

Staying Cybersafe During the Holiday Season

  • Shopping Tips
    • Next week is one of the busiest weeks for online shopping, in part due to major Black Friday sales.
    • Before you even start the shopping frenzy, make sure each account you use has a strong and unique password.
    • Also, if you are given the option to use multifactor authentication for your accounts, including your credit card and bank accounts, please do it!
    • Shop only on secure and known sites that use https://.
    • Don’t click on links to shopping sites without hovering over the link to verify, or copy and paste the link in your browser’s address bar.
    • If you are searching for a link to a shopping site, don’t click on the links that are “sponsored” because these can often be fake or may misdirect you to a fake site.
    • Avoid using public WiFi networks, as the public WiFi networks are not secure and are targets for cybercriminals.
    • Check your credit card accounts, bank accounts, and credit report(s) regularly to check for unauthorized activity.
    • Do not email financial information to anyone, as reputable companies will never, ever ask for that information.
    • If you get a random email or text message about a failed package delivery, do not respond, but if you are concerned about an order you have placed, go directly to the shopping site and/or carrier’s site and track the package.
    • If you believe you are the victim of a scam, report it immediately using the information found in This Week in Cybersecurity News, 05/09/2024, under Reporting Cybercrime.
    • And please share this information with your family, friends, clients, students, and anyone else you want to help protect online.

Important Reminder

  • IT Security Awareness Training
    • If you have been assigned training, this is a reminder to complete that training before the end of the year.
    • The IT Security Awareness training is required of all UTIA workforce, which includes student employees, on an annual basis.
    • The IT Security Awareness training is part of the 2024-2025 UTK Compliance training, as assigned by UTK HR.
    • Assignment and reminder emails will come from the UTK Compliance Committee noreply[@]utk.edu, and UTIA HR staff members are currently sending reminders about the 2024-2025 UTK Compliance training.
    • As in the past, any user not completing the IT Security Awareness module by the deadline will lose access to all Institute-owned and University-owned systems until the training has been completed.
    • If you have been assigned this training, you can find it by logging into K@TE https://kate.tennessee.edu and it will be listed under “My Active Courses”.
    • This newsletter goes out to those on the UTIA distribution list, along with some other specific distribution lists, so it is possible you do not have training assigned, but if you aren’t sure, please send me an email and I will look for you.
    • While the deadline has been set for 12/31/2024, I highly recommend that you complete it before then to ensure you get the proper credit due to DASH implementation happening at the first of the year.

Thank you so much for helping me protect the Institute and its data. I appreciate the time, effort, and questions everyone contributes to making sure we stay safe!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!