Other ways to search: Events Calendar | UTHSC

Cybersecurity Scam of the Week – Breaches Happening Due To Social Engineering


In the past week, did you hear about the American Airlines breach? How about Uber? IHG (Holiday Inn brand)? These are just three major companies that reported the leaking of data that started with social engineering attacks and poor cyber hygiene.

  • Uber reported that hackers gained access to specific databases and communication channels by targeting an individual employee and repeatedly sending multi-factor authentications (MFA). After more than an hour, a communication supposedly sent by an “IT Person” stated that the MFA notification would stop if they approved the login. This tactic is known as MFA fatigue, where a hacker wears down a victim with repeated attacks so they finally approve the “push” to get them to stop coming. 
  •  Holiday Inn’s parent company, IHG, was reported hacked because of a weak password, “Qwerty1234”. 
  • American Airlines reported a data breach after a number of employee email accounts were compromised that allowed access to sensitive personal information. The easiest way to compromise an account is to ask for the credentials in a phishing attack. With a valid username and password, anyone can log in.

MFA fatigue especially is becoming a larger problem as more organizations are adding multi-factor authentication to their security controls. Repeated requests for authentication, especially during “off-hours” when the IT department isn’t available to ask questions, lead to people just wanting those notifications to stop. And when they receive a communication from “IT” that it is a known issue and just accept the push to make them stop, they are willing to bypass known security measures.  

Remember to NEVER accept a DUO push unless you initiated it.  Also, take just one second, just ONE, to verify that the DUO push is coming from your device and your geo-location. Hackers have been known to get lucky and request a push the same time you legitimately request one, but theirs might come from another country. 

What has been reported to abuse@uthsc.edu this past week?

  • [Ext] Customer Statement 09/09/2022 – wanting the recipient to click on an attachment
  • [Ext] Your services renewal charged your card. – another autorenewal scam
  • [Ext] change in DD Details – a request to update direct deposit information so that hard-earned money goes to another’s account
  • [Ext] Invoice S100464130.001 PO# 22-4037 – an ‘invoice” that originated from Australia 
  • [Ext] Payment – this was a phish that attempted to set up an account in order to pay a fraudulent vendor
  • [Ext] Fwd: Renewal Payment Reminder. Auto-Debit – another autorenewal scam
  • [Ext] AIT Account Suspension Notice – a phisher attempting to look like they are from Microsoft wanting the recipient to click an attachment

Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.