
OIT News

Are You Prone?


Some of you may have noticed an increase in the number of phishing emails hitting your mailboxes. OIT received approximately 485 reports to abuse@utk.edu last week, which is higher than usual. One problem is that most of the reports come AFTER someone errantly clicked on the link. Fortunately for the clickers, these were phishing emails sent by UTK as part of a year-long phishing campaign.

UT Knoxville’s grade among the Phishing Prone? A solid “C-,” on a 10-point scale. Not terrible, but we can do better!

At the approval of the administration, OIT engaged the services of KnowBe4, one of the world’s leaders in security awareness training around phishing. Last week, emails were sent to ALL full-time, regular faculty and staff to establish a baseline score. “Clickers and Openers” would have seen a “404 – Page Not Found” error when they clicked on an embedded link or opened an attachment.

Twenty-five different phishing emails were sent randomly, so not everyone received the same email. Some had attachments, which 16 employees opened. Some emails actually spoofed utk.edu addresses (e.g., hr@utk.edu, retirement@utk.edu). One thing to note is that these addresses were not provided to KnowBe4.

What? A dirty trick? Not at all! The campus’s intent was not to trifle with your feelings or embarrass you. It is meant to impress upon you the importance of looking closer at the mail you receive, even when it “appears” to come from a trusted source. Like biological viruses, malware (think: ransomware) doesn’t care about your feelings, your embarrassment, or the cost you incur by falling prey. The bad guys will claim their prey indiscriminately.

A couple of observations:

  1. Some who reported the phish had clicked BEFORE reporting it. Reporting it is GREAT. However, if you suspect it’s phishing, report it to abuse@utk.edu first, without clicking.
  2. Some who reported the phishing said, “What changed? We haven’t seen this much phishing email in 10 years!” It’s no accident that you don’t see MORE phishing in your UTK mailboxes. There are technical safeguards that provide some protection from 90% of the email sent to utk.edu, but no technical control is 100%. Even with those safeguards, some of these benign training emails would have gotten through.
  3. People forwarded the phishing email. Think about it: you get a phishing email (the training type or otherwise), and you forward it to others in the department or even the IT person in your department. You’re only spreading the infection. You should always, always, always report it to abuse@utk.edu whether you click it or not. OIT can investigate the report and pull the email out of mailboxes BEFORE your colleagues are affected. The fewer exposed, the fewer affected. In the case of these training emails, if you didn’t click but forwarded it on to one, two or more people and THEY clicked it, guess who made the stats? You did. Each email is customized to each user, so even if the IT person KNOWS it is training and clicks the link, YOU just made the list of “Clickers.”
  4. Staff forwarded the email to security@utk.edu. There is little that the Information Security Office or any IT person can do about a phishing email you receive. However, the folks receiving email at abuse@utk.edu can!

Over the next year, phishing emails will be sent out randomly each month. These will be unannounced. Instead of a “404 – Page Not Found,” those clicking will be presented with training on how to avoid being a victim. Oh…and they make the stats for that month. The program starts in the next few weeks in observance of Cyber Security Awareness Month, held every October.

Take the time to examine unsolicited emails. Actually, take the time to examine emails you normally expect, too. Look for the red flags such as WHO is sending it and WHERE is the URL taking you? The REAL phish will keep on coming, so be on your toes! Don’t be a statistic!
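As an added example (not part of the original OIT post), this Python script applies the two red flags named above to a constructed sample message: WHO is sending it (visible From domain versus Return-Path and Reply-To) and WHERE the links go (the URL shown as link text versus the real href). Every address, domain and URL in the sample is a hypothetical placeholder.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not from the original post); addresses, domains and URLs are hypothetical.
SAMPLE_EML = """\
From: "UTK Human Resources" <hr@utk.edu>
Return-Path: <bounce@example-phish.test>
Reply-To: benefits@example-phish.test
Content-Type: text/html

<html><body><p>Review your plan at <a href="http://example-phish.test/login">https://hr.utk.edu/retirement</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None: self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(header_value):
    """Domain of an address written as 'Name <user@host>', '<user@host>' or 'user@host'."""
    addr = str(header_value).strip().rstrip(">").rsplit("<", 1)[-1]
    return addr.rsplit("@", 1)[-1].lower()

def red_flags(raw):
    """Return human-readable red flags: WHO is sending it, WHERE the links go."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender, flags = domain_of(msg["From"]), []
    # WHO: the bounce address and reply address should match the visible From domain.
    for hdr in ("Return-Path", "Reply-To"):
        if msg[hdr] is not None and domain_of(msg[hdr]) != sender:
            flags.append(f"{hdr} domain differs from From ({sender})")
    # WHERE: link text that looks like a URL must point at the same host as the href.
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    for href, text in collector.links:
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != urlparse(href).hostname:
            flags.append(f"link text says {shown} but goes to {urlparse(href).hostname}")
    return flags
```

A message that raises no flags is not automatically safe; this only surfaces the two mismatches the post tells you to look for, so anything suspicious still goes to abuse@utk.edu.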

If you SEE something, SAY something – report it to abuse@utk.edu or, as you should for ANY IT incident, call the OIT HelpDesk at 865-974-9900.