Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 11/25/2025

Posted on Nov 25, 2025Share on

drawing with pumpkins and a Happy Thanksgiving sign

Good afternoon, everyone.

Tis the season, which unfortunately means it is scamming season, too! Today I want to remind you of the many things you should be aware of beforehand so that you can avoid the scams.

Current Threat Trends

  • Holiday Scams
    • With the holidays upon us cybercriminals are busy trying to get as many people as they can to fall for their scams.
    • These are some of the most common scams during this season:
      • Fake delivery notifications
        • Scammers will send text messages or emails claiming that your package is delayed.
        • They will ask for your personal information, including credit card information, to “verify” your delivery, but please do not respond.
        • If you are expecting a package and you receive a questionable text or email about a delayed delivery, please go directly to the known site where you made the purchase or go to the carrier’s known site to track your order.
      • Phishing attempts
        • Scammers will send fake text messages and phone calls pretending to be your bank or a retailer, saying that there is a problem with a purchase or your account.
        • Please do not respond to these text messages.
        • Please do not answer any questions if you receive a call.
        • Instead, if you get a text or a call, please call the known number of the bank or the retailer and tell them about the text or call.
      • Fake Ads
        • Social media is known for having fake ads that look very real.
        • These ads often show deals that are too good to be true, because they really are too good to be true!
        • If you see an ad on social media that interests you, please don’t click on it.
        • Instead of clicking, go to the retailer’s known site and look for what they really have.
        • And watch out for anything labeled as “sponsored”, whether it be an ad or a Google search return, as sponsored information is typically something that has been put online by a scammer after paying to get it at the top of any search list.
      • Fake Online Stores
        • Scammers are really good at creating fake websites that look very much like the real site.
        • These fake sites will often lure you in and steal your money or personal information.
        • Always make sure that the URL begins with “https:”, is spelled correctly, and has the appropriate domain ending.
        • And always hover over any link before clicking on it to check its accuracy.
      • Charity Scams
        • Scammers will create fake charities or may impersonate a real one, especially during times of crisis and during the holidays.
        • Research the charity to make sure it is legit and that it is taking donations as described in a text, email, or call.
        • Be sure that the URL is correct, using “https:”, is spelled correctly, and has the appropriate domain.
        • And avoid any charity that uses vague language or tries to pressure you.
      • Gift Card Scams
        • The only time you should ever use a gift card for any purchase is when you choose to one you have received, not when you are told to go buy one to use.
        • Legitimate businesses will never demand that you make a payment with a gift card.
        • If a business tells you that you have to pay using a gift card, it is a scam.
      • Credit Card Skimming
        • Always be vigilant when using a credit card, especially at an ATM or a gas station but also play close attention to the surroundings where you are paying.
        • If there is limited foot traffic where you are paying, be extra cautious and check the device before you enter your card by jiggling where you enter the card and looking for tiny camera lights or mirrors around the device.
        • And if you are paying online, make sure you are using a secure network, not public WiFi.
    • If you think you are a victim of a scam, PLEASE REPORT IT right away!
    • If you have lost money due to a scam, please call your bank, credit card company, etc., immediately.
    • Call your local law enforcement office to report the crime.
    • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
    • Report fraud to the Federal Trade Commission (FTC).
    • If a scammer has gotten your personal information through a phishing email or it has been stolen in any way, go to IdentityTheft.gov to find out what to do next.

    Important Reminder

    • 2025-2026 UTK Compliance Training
      • Please remember to complete your 2025-2026 UTK Compliance Training.
      • This annual training is required for all UT employees.
      • The assignment includes the IT Security Awareness Training.
      • For UTIA employees, the IT Security Awareness Training course must be completed by 12/31/2025, or the user’s NetID will be temporarily disabled, causing the inability to connect to anything using the NetID for authentication, including email, DASH, Banner, Microsoft 365, K@TE, etc.
      • I highly recommend completing the training by 11/30, since things tend to get quite busy prior to our holiday/administrative closing in December.
      • UTSA HR was able to update the TSU employees so the training could be assigned, but if you are a TSU employee and you still did not get the assignment, please let me know.

    I would also like to take this opportunity to tell you how thankful I am for each and every one of you for all you do to protect the Institute’s data, but also to protect yourselves, your students, your coworkers, your clients, your family, and your friends. I am truly grateful for all the questions and comments I receive on a daily basis. Without your awareness and your dedication to security, the Institute and the University would be at a tremendous risk.

    I wish you all a very Happy Thanksgiving!

    Sandy

    Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!

    Sandy Lindsey
    Chief Information Security Officer
    Information Technology Services
    The University of Tennessee
    Institute of Agriculture

     

     

    G061​ McCord Hall
    2640 Morgan Circle Drive
    Knoxville, Tennessee, 37996
    Phone: (865) 974-7292; (865) 806-5224
    sandy@tennessee.edu