Gracie, your UTIA Chief Infurmation Security Kitty, and I would like to take this time to wish everyone a Happy All The Holidays. It has been a very tough year for so many people, but I hope that you will take care of yourselves and others as we move forward into 2026.

I have a couple of items for this week’s newsletter. I want to remind everyone about the growing use of calendars for phishing attacks. And I want to remind you once again about the upcoming IT Security Awareness Training deadline.

Current Threat

• Fake Calendar Invites
  • In October I told you about how scammers are using Teams calendars for phishing attacks.
  • Lately, it is not just in Teams, but the general Outlook calander, too.
  • As you know, calendar invites come through email, but these “invites” don’t appear to have a matching email notification.
  • The scammer is hoping you will respond to the calendar invite by clicking on a link or the RSVP option.
  • Microsoft says that an Outlook calendar invite always sends an email notification by default when the invite is created or updated.
  • You should look in your Deleted Items folder in Outlook to find the email notification.
  • When you find the message, please use the red “Report” button to report as phishing.
  • If the red Report button is not working, please do NOT forward to abuse@utk.edu because it will notify the sender.
  • And please make sure you are using the latest version of Outlook, which is Microsoft 365. (Refer to the specifics in This Week’s Cybersecurity News, 10/23/2025.)
  • It is important to report this because when you click the Report button it will remove the email and the calendar event.
  • If you received the event in Teams Activity, please click the three dots that appear on the top right of the message preview when you hover over the preview, then click More Options and Remove.
  • If you have questions or concerns about one of these emails, please send me a screenshot of the email invite or the Teams Activity, as this is the one time you do not want to forward it.

Important Reminder

•  2025-2026 UTK Compliance Training
  • Please remember to complete your 2025-2026 UTK Compliance Training by 5:00 pm on 12/31/2025.
  • This annual training is required for all UT employees.
  • The assignment includes the IT Security Awareness Training.
  • For UTIA employees, the IT Security Awareness Training course must be completed, or the user’s NetID will be disabled, causing the inability to connect to anything using the NetID for authentication, including email, DASH, Banner, Microsoft 365, K@TE, etc.
  • In order to get the NetID enabled, the user will have to call UTK’s OIT HelpDesk at (865) 974-9900.
  • Once the NetID is enabled, and the user will have 48 hours to complete the training or the NetID will be disabled again.
  • If you have completed the training, I thank you!

I hope you realize how much I appreciate the work each of you does to protect the Institute and its data, as well as its students, employees, clients, and yourself. Please remember that you can contact me any time you have any questions or concerns. You can also let me know if there is something you would like to see in the newsletter that would help you and others.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!